Abstract
A common way to protect objects in distributed systems is to issue authorization certificates to users, which they present to gain access. In some situations a way is needed to revoke existing certificates. Current methods, such as having a master revocation list, have been designed to work efficiently with identity certificates, and to not take into account the delegation of certificate-issuing rights required when implementing complex administrative hierarchies for large distributed applications. In this paper we present a novel mechanism for revoking authorization certificates based on clustering users and servers, and present arguments showing that it is more efficient than other methods. We also discuss a way for probabilistically auditing the use of the revocation mechanism proposed to reduce the chances of any component behaving maliciously. © 2003 IEEE.
Original language | English |
---|---|
Title of host publication | Proceedings - 8th IEEE International Symposium on Computers and Communication, ISCC 2003 |
Publisher | IEEE |
Pages | 225-231 |
Number of pages | 7 |
ISBN (Print) | 076951961X, 9780769519616 |
Publication status | Published - 2003 |
Event | 8th IEEE International Symposium on Computers and Communication, ISCC 2003 - Kemer-Antalya, Turkey; Duration: 30 Jun 2003 → 3 Jul 2003 |
Conference
Conference | 8th IEEE International Symposium on Computers and Communication, ISCC 2003 |
---|---|
Country/Territory | Turkey |
City | Kemer-Antalya |
Period | 30/06/03 → 3/07/03 |