PREON: An efficient cascade revocation mechanism for delegation paths
Tipus de documentArticle
Condicions d'accésAccés restringit per política de l'editorial
In decentralized network-based environments, resource sharing occurs more frequently as computing becomes more pervasive. Access to shared resources must be protected allowing access only to authorized entities. Delegation is a powerful mechanism to provide flexible and distributed access control when a user acts on another user’s behalf. User’s rights/ attributes are contained in digital certificates and successive delegations generate chains of certificates.When an access control decision related to a delegation path has to be taken, its corresponding certificate chain has to be validated. Validation of long delegation paths is a costly process that might be critical when constrained devices are involved. In this article, we propose a mechanism called PREON (Prefix Revocation) which is based on prefix codes. PREON allows a privilege verifier to efficiently check a delegation chain when cascade revocation is enabled. We show by statistical analysis that our proposal outperforms delegation systems without prefix coding especially for long delegation paths and high revocation probabilities.
CitacióHinarejos, M. [et al.]. PREON: An efficient cascade revocation mechanism for delegation paths. "Computers and security", Setembre 2010, vol. 29, núm. 6, p. 697-711.