A Certificate Revocation Scheme for a Large-Scale Highly Replicated Distributed System

B.C. Popescu, B. Crispo, A.S. Tanenbaum

Research output: Chapter in Book / Report / Conference proceeding, Conference contribution, Academic, peer-review

Abstract

A common way to protect objects in distributed systems is to issue authorization certificates to users, which they present to gain access. In some situations a way is needed to revoke existing certificates. Current methods, such as having a master revocation list, have been designed to work efficiently with identity certificates, and do not take into account the delegation of certificate-issuing rights required when implementing complex administrative hierarchies for large distributed applications. In this paper we present a novel mechanism for revoking authorization certificates based on clustering users and servers, and present arguments showing that it is more efficient than other methods. We also discuss a way of probabilistically auditing the use of the proposed revocation mechanism to reduce the chances of any component behaving maliciously. © 2003 IEEE.
Original language: English
Title of host publication: Proceedings - 8th IEEE International Symposium on Computers and Communication, ISCC 2003
Publisher: IEEE
Pages: 225-231
Number of pages: 7
ISBN (Print): 076951961X, 9780769519616
Publication status: Published - 2003
Event: 8th IEEE International Symposium on Computers and Communication, ISCC 2003 - Kemer-Antalya, Turkey
Duration: 30 Jun 2003 to 3 Jul 2003

Conference

Conference: 8th IEEE International Symposium on Computers and Communication, ISCC 2003
Country/Territory: Turkey
City: Kemer-Antalya
Period: 30/06/03 to 3/07/03
