FRINK Linked Data Fragments server

Matches in SemOpenAlex for { <https://semopenalex.org/work/W2238250073> ?p ?o ?g. }

• W2238250073 abstract "Aalto University, P.O. Box 11000, FI-00076 Aalto www.aalto.fi Author Yki Kortesniemi Name of the doctoral dissertation Access Control in Distributed Systems using SPKI Authorisation Certificates Publisher School of Electrical Engineering Unit Department of Communications and Networking Series Aalto University publication series DOCTORAL DISSERTATIONS 63/2015 Field of research Networking Technology Manuscript submitted 23 February 2015 Date of the defence 29 May 2015 Permission to publish granted (date) 9 April 2015 Language English Monograph Article dissertation (summary + original articles) Abstract In distributed systems, the ability to effectively manage access to a large number of resources can be challenging. The situation becomes even more difficult, when there are limited computational resources or network availability to implement the access control solution. Examples are Internet of Things (IoT) applications, such as the many internet-connected devices at home. To make them easy to use, there has to exist a relatively simple way to manage the large number of devices and to, e.g., grant temporary access to some of them for a visiting friend. In this dissertation, I examine how the problem can be overcome with the Simple Public Key Infrastructure (SPKI), which expresses access rights as cryptographically signed authorisation certificates. I approach the issue from several angles. First, I develop a phase model to analyse the access control process / certificate life-cycle and use it to study SPKI and other certificate technologies for access control while pointing out areas requiring future work. Although SPKI has been studied for some 20 years, standardisation has not been completed. I identify three important missing parts of SPKI in utilising the certificates, as well as in managing and validating online conditions. I also expand the SPKI model to support usage quotas. I then design solutions for all these areas and analyse the resultant system for its applicability, scalability, security and usability. Of particular interest are system performance and privacy. My final focus area is certificate chain reduction, a proposed way to improve performance and privacy of SPKI. I study the approach in detail, identify the relevant design choices for the systems architect, and design a protocol for requesting reductions. For performance evaluation we implemented a prototype, which demonstrates that even modern embedded devices can reach transaction times of one second including all communication delays and using only a software implementation for cryptography. We also found that the transaction was over 40 % faster with chain reduction thus proving the promise of improved performance. Using such reductions does requires a reduction server, but calculations from our use case show that even with pessimistic assumptions, a single reduction server can support millions of users thus making scalability a manageable issue. Privacy-wise, SPKI is a good solution with support for anonymous identities and chain reduction can further improve user privacy by hiding additional information. Finally, all my use cases demonstrate the same certificate chain structure, an hourglass-model, which I hypothesise is prevalent in many other systems, as well. It forms natural basis for reduction and provides for a consistent performance regardless of certificate chain length.In distributed systems, the ability to effectively manage access to a large number of resources can be challenging. The situation becomes even more difficult, when there are limited computational resources or network availability to implement the access control solution. Examples are Internet of Things (IoT) applications, such as the many internet-connected devices at home. To make them easy to use, there has to exist a relatively simple way to manage the large number of devices and to, e.g., grant temporary access to some of them for a visiting friend. In this dissertation, I examine how the problem can be overcome with the Simple Public Key Infrastructure (SPKI), which expresses access rights as cryptographically signed authorisation certificates. I approach the issue from several angles. First, I develop a phase model to analyse the access control process / certificate life-cycle and use it to study SPKI and other certificate technologies for access control while pointing out areas requiring future work. Although SPKI has been studied for some 20 years, standardisation has not been completed. I identify three important missing parts of SPKI in utilising the certificates, as well as in managing and validating online conditions. I also expand the SPKI model to support usage quotas. I then design solutions for all these areas and analyse the resultant system for its applicability, scalability, security and usability. Of particular interest are system performance and privacy. My final focus area is certificate chain reduction, a proposed way to improve performance and privacy of SPKI. I study the approach in detail, identify the relevant design choices for the systems architect, and design a protocol for requesting reductions. For performance evaluation we implemented a prototype, which demonstrates that even modern embedded devices can reach transaction times of one second including all communication delays and using only a software implementation for cryptography. We also found that the transaction was over 40 % faster with chain reduction thus proving the promise of improved performance. Using such reductions does requires a reduction server, but calculations from our use case show that even with pessimistic assumptions, a single reduction server can support millions of users thus making scalability a manageable issue. Privacy-wise, SPKI is a good solution with support for anonymous identities and chain reduction can further improve user privacy by hiding additional information. Finally, all my use cases demonstrate the same certificate chain structure, an hourglass-model, which I hypothesise is prevalent in many other systems, as well. It forms natural basis for reduction and provides for a consistent performance regardless of certificate chain length." @default.
• W2238250073 created "2016-06-24" @default.
• W2238250073 creator A5022080206 @default.
• W2238250073 date "2015-01-01" @default.
• W2238250073 modified "2023-09-23" @default.
• W2238250073 title "Access Control in Distributed Systems using SPKI Authorisation Certificates" @default.
• W2238250073 cites W1484754451 @default.
• W2238250073 cites W1485630809 @default.
• W2238250073 cites W1486200819 @default.
• W2238250073 cites W1491229187 @default.
• W2238250073 cites W1510294241 @default.
• W2238250073 cites W1533825398 @default.
• W2238250073 cites W1553250237 @default.
• W2238250073 cites W1557276474 @default.
• W2238250073 cites W1559168978 @default.
• W2238250073 cites W1580135927 @default.
• W2238250073 cites W1588969578 @default.
• W2238250073 cites W1597967544 @default.
• W2238250073 cites W1607547968 @default.
• W2238250073 cites W1623205588 @default.
• W2238250073 cites W1762868811 @default.
• W2238250073 cites W18186042 @default.
• W2238250073 cites W1859131989 @default.
• W2238250073 cites W1870880088 @default.
• W2238250073 cites W1966815461 @default.
• W2238250073 cites W1970501341 @default.
• W2238250073 cites W197088302 @default.
• W2238250073 cites W1971513162 @default.
• W2238250073 cites W1978192865 @default.
• W2238250073 cites W1979698065 @default.
• W2238250073 cites W1981420668 @default.
• W2238250073 cites W1987339920 @default.
• W2238250073 cites W1993520755 @default.
• W2238250073 cites W1996416899 @default.
• W2238250073 cites W1998568597 @default.
• W2238250073 cites W2002593864 @default.
• W2238250073 cites W2006109307 @default.
• W2238250073 cites W2008524185 @default.
• W2238250073 cites W2015653806 @default.
• W2238250073 cites W2018439061 @default.
• W2238250073 cites W2020992910 @default.
• W2238250073 cites W2022423003 @default.
• W2238250073 cites W2031395626 @default.
• W2238250073 cites W2035582069 @default.
• W2238250073 cites W2036467405 @default.
• W2238250073 cites W2039005844 @default.
• W2238250073 cites W2040128811 @default.
• W2238250073 cites W2043435011 @default.
• W2238250073 cites W2045281063 @default.
• W2238250073 cites W2054691008 @default.
• W2238250073 cites W2057345152 @default.
• W2238250073 cites W2061161497 @default.
• W2238250073 cites W2070164763 @default.
• W2238250073 cites W2070791575 @default.
• W2238250073 cites W2071920848 @default.
• W2238250073 cites W2081119785 @default.
• W2238250073 cites W2081202244 @default.
• W2238250073 cites W2083814974 @default.
• W2238250073 cites W2083872607 @default.
• W2238250073 cites W2085952809 @default.
• W2238250073 cites W2086696481 @default.
• W2238250073 cites W2092186794 @default.
• W2238250073 cites W2092397450 @default.
• W2238250073 cites W2097555626 @default.
• W2238250073 cites W2098303750 @default.
• W2238250073 cites W2101605758 @default.
• W2238250073 cites W2102128947 @default.
• W2238250073 cites W2102699767 @default.
• W2238250073 cites W2103702580 @default.
• W2238250073 cites W2104223491 @default.
• W2238250073 cites W2108357061 @default.
• W2238250073 cites W2111887123 @default.
• W2238250073 cites W2113646496 @default.
• W2238250073 cites W2116155182 @default.
• W2238250073 cites W2120405679 @default.
• W2238250073 cites W2122143775 @default.
• W2238250073 cites W2122516858 @default.
• W2238250073 cites W2122906148 @default.
• W2238250073 cites W2123440474 @default.
• W2238250073 cites W2125204500 @default.
• W2238250073 cites W2137237442 @default.
• W2238250073 cites W2138798600 @default.
• W2238250073 cites W2140998423 @default.
• W2238250073 cites W2141976026 @default.
• W2238250073 cites W2145999544 @default.
• W2238250073 cites W2146035519 @default.
• W2238250073 cites W2149644353 @default.
• W2238250073 cites W2150060143 @default.
• W2238250073 cites W2150847510 @default.
• W2238250073 cites W2151953309 @default.
• W2238250073 cites W2160546048 @default.
• W2238250073 cites W2160878415 @default.
• W2238250073 cites W2164365634 @default.
• W2238250073 cites W2164661256 @default.
• W2238250073 cites W2169322611 @default.
• W2238250073 cites W2170496240 @default.
• W2238250073 cites W2171208314 @default.
• W2238250073 cites W2171807364 @default.
• W2238250073 cites W2176962207 @default.
• W2238250073 cites W2352957445 @default.

• next