Results 1 - 10 of 22
Chord: A Scalable Peer-to-Peer Lookup Protocol for Internet Applications
- ACM SIGCOMM, 2001
Cited by 809 (15 self)
A fundamental problem that confronts peer-to-peer applications is the efficient location of the node that stores a desired data item. This paper presents Chord, a distributed lookup protocol that addresses this problem. Chord provides support for just one operation: given a key, it maps the key onto a node. Data location can be easily implemented on top of Chord by associating a key with each data item, and storing the key/data item pair at the node to which the key maps. Chord adapts efficiently as nodes join and leave the system, and can answer queries even if the system is continuously changing. Results from theoretical analysis and simulations show that Chord is scalable: communication cost and the state maintained by each node scale logarithmically with the number of Chord nodes.
Survey of Research towards Robust Peer-to-Peer Networks: Search Methods
- COMPUTER NETWORKS, 2004
Efficient, Self-Contained Handling of Identity in Peer-to-Peer Systems
- IEEE Transactions on Knowledge and Data Engineering, 2004
Cited by 24 (6 self)
Identification is an essential building block for many services in distributed information systems. The quality and purpose of identification may differ, but the basic underlying problem is always to bind a set of attributes to an identifier in a unique and deterministic way.
Authorization in Trust Management: Features and Foundations
Cited by 18 (0 self)
Trust management systems are frameworks for authorization in modern distributed systems, allowing remotely accessible resources to be protected by providers. By allowing providers to specify policy, and access requesters to possess certain access rights, trust management automates the process of determining whether access should be allowed on the basis of policy, rights, and an authorization semantics. In this paper we survey modern state-of-the-art in trust management authorization, focusing on features of policy and rights languages that provide the necessary expressiveness for modern practice. We characterize systems in light of a generic structure that takes into account components of practical implementations. We emphasize systems that have a formal foundation, since security properties of them can be rigorously guaranteed. Underlying formalisms are reviewed to provide necessary background.
Optimal Dispersal of Certificate Chains
- 2006
Cited by 5 (2 self)
Abstract—We consider a network where users can issue certificates that identify the public keys of other users in the network. The issued certificates in a network constitute a set of certificate chains between users. A user u can obtain the public key of another user v from a certificate chain from u to v in the network. For the certificate chain from u to v, u is called the source of the chain and v is called the destination of the chain. Certificates in each chain are dispersed between the source and destination of the chain such that the following condition holds. If any user u needs to securely send messages to any other user v in the network, then u can use the certificates stored in u and v to obtain the public key of v (then u can use the public key of v to set up a shared key with v to securely send messages to v). The cost of dispersing certificates in a set of chains among the source and destination users in a network is measured by the total number of certificates that need to be stored in all users. A dispersal of a set of certificate chains in a network is optimal if no other dispersal of the same chain set has a strictly lower cost. In this paper, we show that the problem of computing optimal dispersal of a given chain set is NP-complete. Thus, minimizing the total number of certificates stored in all users is NP-complete. We identify three special classes of chain sets that are of practical interests and devise three polynomial-time algorithms that compute optimal dispersals for each class. We also present two polynomial-time extensions of these algorithms for more general classes of chain sets. Index Terms—Security and privacy protection, authentication, security and protection, authentication, certificate graph, certificate dispersal, public-key management.
Risk management for distributed authorization
- J. Comput. Secur, 2007
Cited by 2 (1 self)
Distributed authorization takes into account several elements, including certificates that may be provided by non-local actors. While most trust management systems treat all assertions as equally valid up to certificate authentication, realistic considerations may associate risk with some of these elements, for example some actors may be less trusted than others. Furthermore, practical online authorization may require certain levels of risk to be tolerated. In this paper, we introduce a trust management logic based on the system RT that incorporates formal risk assessment. This formalization allows risk levels to be associated with authorization, and authorization risk thresholds to be precisely specified and enforced. We also develop an algorithm for automatic authorization in a distributed environment, that is directed by risk considerations. A variety of practical applications are discussed.
How to Resolve SDSI Names Without Closure
- 2002
Cited by 1 (0 self)
This paper presents two new algorithms that support efficient and complete SDSI name resolution without requiring closure over the set of certificates. This is particularly important for large, distributed certificate sets where calculating the full closure may be prohibitively expensive in terms of time, storage, and/or communication.
ABSTRACT
Security abstractions in programming languages benefit from the ability to base access control decisions on the temporal context of program execution. In this paper we formalize the notion of a history as a sequence of program events produced during program execution, and which allows execution contexts to be precisely characterized. We define a language λhist to model the incorporation of histories in evaluation, and present a sound type analysis for statically verifying program safety in the presence of histories. An approximate type inference algorithm is defined, though inference in the general case is shown to be undecidable.
Trust Management: Features and Foundations
Trust management systems are frameworks for authorization in modern distributed systems, allowing remotely accessible resources to be protected by providers. By allowing providers to specify policy, and access requesters to possess certain access rights, trust management automates the process of determining whether access should be allowed on the basis of policy, rights, and an authorization semantics. In this paper we survey modern state-of-the-art in trust management, focusing on features of policy and rights languages that provide the necessary expressiveness for modern practice. We characterize systems in light of a generic structure that takes into account components of practical implementations. We emphasize systems that have a formal foundation, since security properties of them can be rigorously guaranteed. Underlying formalisms are reviewed to provide necessary background.