Advanced Search
DSpace@MIT

SPKI/SDSI HTTP Server / Certificate Chain Discovery in SPKI/SDSI

Research and Teaching Output of the MIT Community

Show simple item record

dc.contributor.advisor Ronald L. Rivest. en_US
dc.contributor.author Clarke, Dwaine E. (Dwaine Errol), 1976- en_US
dc.contributor.other Massachusetts Institute of Technology. Dept. of Electrical Engineering and Computer Science. en_US
dc.date.accessioned 2012-09-13T18:52:03Z
dc.date.available 2012-09-13T18:52:03Z
dc.date.copyright 2001 en_US
dc.date.issued 2001 en_US
dc.identifier.uri http://hdl.handle.net/1721.1/72800
dc.description Thesis (M.Eng.)--Massachusetts Institute of Technology, Dept. of Electrical Engineering and Computer Science, 2001. en_US
dc.description Includes bibliographical references (leaves 155-160). en_US
dc.description.abstract The issue of trust is of growing importance as our communities become increasingly interconnected. When resources are shared over an untrusted network, how are decisions on which principals are authorized to perform particular actions determined? SPKI/SDSI, a security infrastructure based on public-keys, is designed to facilitate the development of scalable, secure, distributed computing systems. It provides fine-grained access control, using a local name space hierarchy, and a simple, flexible, trust policy model; these features allow for the ability to create groups and delegate authorizations. Project Geronimo, named after the famous Native-American Apache chief, explores the viability of SPKI/SDSI by using it to provide access control over the Web. The infrastructure was integrated into the Netscape web client and Apache web server, using a previously developed SPKI/SDSI C Library. This thesis focuses on the server implementation. An SPKI/SDSI Apache module was designed and implemented: its principle functions are to protect web objects using SPKI/SDSI ACLs, and to determine whether HTTP client requests should be permitted to perform particular operations on protected objects. An administrative tool was developed to enable ACLs to be created, and updated, securely. The thesis also describes the algorithm for certificate chain discovery in SPKI/SDSI. Finally, the demonstration developed for Project Geronimo is outlined. The demo was successfully shown to our sponsors and various groups within the Laboratory for Computer Science. en_US
dc.description.statementofresponsibility by Dwaine E. Clarke. en_US
dc.format.extent 160 leaves en_US
dc.language.iso eng en_US
dc.publisher Massachusetts Institute of Technology en_US
dc.rights M.I.T. theses are protected by copyright. They may be viewed from this source for any purpose, but reproduction or distribution in any format is prohibited without written permission. See provided URL for inquiries about permission. en_US
dc.rights.uri http://dspace.mit.edu/handle/1721.1/7582 en_US
dc.subject Electrical Engineering and Computer Science. en_US
dc.title SPKI/SDSI HTTP Server / Certificate Chain Discovery in SPKI/SDSI en_US
dc.type Thesis en_US
dc.description.degree M.Eng. en_US
dc.contributor.department Massachusetts Institute of Technology. Dept. of Electrical Engineering and Computer Science. en_US
dc.identifier.oclc 51333112 en_US


Files in this item

Name Size Format Description
51333112-MIT.pdf 9.639Mb PDF Full printable version

This item appears in the following Collection(s)

Show simple item record

MIT-Mirage