Critical infrastructures require protection systems that are both flexible and efficient. Flexibility is essential to capture the multi-organizational and state-based nature of these systems, efficiency is necessary to cope with limitations of hardware resources. To meet these requirements, we consider a classical protection environment featuring subjects that attempt to access the protected objects. We approach the problem of specifying the access privileges held by each subject. Our protection model associates a password system with each object; the password system features a password for each access privilege defined for this object. A subject can access the object if it holds a key matching one of the passwords in the password system, and the access privilege corresponding to this password permits to accomplish the access. Password systems are implemented as hierarchical bidimensional one-way chains. Trade-offs are possible between the memory requirements for storage of a password system and the processing time necessary to validate a key.
Password systems: design and implementation
DINI, GIANLUCA;LOPRIORE, LANFRANCO
2015-01-01
Abstract
Critical infrastructures require protection systems that are both flexible and efficient. Flexibility is essential to capture the multi-organizational and state-based nature of these systems, efficiency is necessary to cope with limitations of hardware resources. To meet these requirements, we consider a classical protection environment featuring subjects that attempt to access the protected objects. We approach the problem of specifying the access privileges held by each subject. Our protection model associates a password system with each object; the password system features a password for each access privilege defined for this object. A subject can access the object if it holds a key matching one of the passwords in the password system, and the access privilege corresponding to this password permits to accomplish the access. Password systems are implemented as hierarchical bidimensional one-way chains. Trade-offs are possible between the memory requirements for storage of a password system and the processing time necessary to validate a key.| File | Dimensione | Formato | |
|---|---|---|---|
|
Main document.pdf
accesso aperto
Descrizione: Articolo principale
Tipologia:
Documento in Post-print
Licenza:
Creative commons
Dimensione
197.2 kB
Formato
Adobe PDF
|
197.2 kB | Adobe PDF | Visualizza/Apri |
I documenti in IRIS sono protetti da copyright e tutti i diritti sono riservati, salvo diversa indicazione.
