SPKI/SDSI HTTP Server / Certificate Chain Discovery in SPKI/SDSI
Thesis (M.Eng.)--Massachusetts Institute of Technology, Dept. of Electrical Engineering and Computer Science, 2001.
| Main Author: | |
|---|---|
| Other Authors: | |
| Format: | Thesis |
| Language: | eng |
| Published: |
Massachusetts Institute of Technology
2012
|
| Subjects: | |
| Online Access: | http://hdl.handle.net/1721.1/72800 |
| _version_ | 1811076942096498688 |
|---|---|
| author | Clarke, Dwaine E. (Dwaine Errol), 1976- |
| author2 | Ronald L. Rivest. |
| author_facet | Ronald L. Rivest. Clarke, Dwaine E. (Dwaine Errol), 1976- |
| author_sort | Clarke, Dwaine E. (Dwaine Errol), 1976- |
| collection | MIT |
| description | Thesis (M.Eng.)--Massachusetts Institute of Technology, Dept. of Electrical Engineering and Computer Science, 2001. |
| first_indexed | 2024-09-23T10:31:23Z |
| format | Thesis |
| id | mit-1721.1/72800 |
| institution | Massachusetts Institute of Technology |
| language | eng |
| last_indexed | 2024-09-23T10:31:23Z |
| publishDate | 2012 |
| publisher | Massachusetts Institute of Technology |
| record_format | dspace |
| spelling | mit-1721.1/728002019-04-12T20:21:20Z SPKI/SDSI HTTP Server / Certificate Chain Discovery in SPKI/SDSI Clarke, Dwaine E. (Dwaine Errol), 1976- Ronald L. Rivest. Massachusetts Institute of Technology. Dept. of Electrical Engineering and Computer Science. Massachusetts Institute of Technology. Dept. of Electrical Engineering and Computer Science. Electrical Engineering and Computer Science. Thesis (M.Eng.)--Massachusetts Institute of Technology, Dept. of Electrical Engineering and Computer Science, 2001. Includes bibliographical references (leaves 155-160). The issue of trust is of growing importance as our communities become increasingly interconnected. When resources are shared over an untrusted network, how are decisions on which principals are authorized to perform particular actions determined? SPKI/SDSI, a security infrastructure based on public-keys, is designed to facilitate the development of scalable, secure, distributed computing systems. It provides fine-grained access control, using a local name space hierarchy, and a simple, flexible, trust policy model; these features allow for the ability to create groups and delegate authorizations. Project Geronimo, named after the famous Native-American Apache chief, explores the viability of SPKI/SDSI by using it to provide access control over the Web. The infrastructure was integrated into the Netscape web client and Apache web server, using a previously developed SPKI/SDSI C Library. This thesis focuses on the server implementation. An SPKI/SDSI Apache module was designed and implemented: its principle functions are to protect web objects using SPKI/SDSI ACLs, and to determine whether HTTP client requests should be permitted to perform particular operations on protected objects. An administrative tool was developed to enable ACLs to be created, and updated, securely. The thesis also describes the algorithm for certificate chain discovery in SPKI/SDSI. Finally, the demonstration developed for Project Geronimo is outlined. The demo was successfully shown to our sponsors and various groups within the Laboratory for Computer Science. by Dwaine E. Clarke. M.Eng. 2012-09-13T18:52:03Z 2012-09-13T18:52:03Z 2001 2001 Thesis http://hdl.handle.net/1721.1/72800 51333112 eng M.I.T. theses are protected by copyright. They may be viewed from this source for any purpose, but reproduction or distribution in any format is prohibited without written permission. See provided URL for inquiries about permission. http://dspace.mit.edu/handle/1721.1/7582 160 leaves application/pdf Massachusetts Institute of Technology |
| spellingShingle | Electrical Engineering and Computer Science. Clarke, Dwaine E. (Dwaine Errol), 1976- SPKI/SDSI HTTP Server / Certificate Chain Discovery in SPKI/SDSI |
| title | SPKI/SDSI HTTP Server / Certificate Chain Discovery in SPKI/SDSI |
| title_full | SPKI/SDSI HTTP Server / Certificate Chain Discovery in SPKI/SDSI |
| title_fullStr | SPKI/SDSI HTTP Server / Certificate Chain Discovery in SPKI/SDSI |
| title_full_unstemmed | SPKI/SDSI HTTP Server / Certificate Chain Discovery in SPKI/SDSI |
| title_short | SPKI/SDSI HTTP Server / Certificate Chain Discovery in SPKI/SDSI |
| title_sort | spki sdsi http server certificate chain discovery in spki sdsi |
| topic | Electrical Engineering and Computer Science. |
| url | http://hdl.handle.net/1721.1/72800 |
| work_keys_str_mv | AT clarkedwaineedwaineerrol1976 spkisdsihttpservercertificatechaindiscoveryinspkisdsi |