| dc.contributor.advisor | Ronald L. Rivest. | en_US |
| dc.contributor.author | Clarke, Dwaine E. (Dwaine Errol), 1976- | en_US |
| dc.contributor.other | Massachusetts Institute of Technology. Dept. of Electrical Engineering and Computer Science. | en_US |
| dc.date.accessioned | 2012-09-13T18:52:03Z | |
| dc.date.available | 2012-09-13T18:52:03Z | |
| dc.date.copyright | 2001 | en_US |
| dc.date.issued | 2001 | en_US |
| dc.identifier.uri | http://hdl.handle.net/1721.1/72800 | |
| dc.description | Thesis (M.Eng.)--Massachusetts Institute of Technology, Dept. of Electrical Engineering and Computer Science, 2001. | en_US |
| dc.description | Includes bibliographical references (leaves 155-160). | en_US |
| dc.description.abstract | The issue of trust is of growing importance as our communities become increasingly interconnected. When resources are shared over an untrusted network, how are decisions on which principals are authorized to perform particular actions determined? SPKI/SDSI, a security infrastructure based on public-keys, is designed to facilitate the development of scalable, secure, distributed computing systems. It provides fine-grained access control, using a local name space hierarchy, and a simple, flexible, trust policy model; these features allow for the ability to create groups and delegate authorizations. Project Geronimo, named after the famous Native-American Apache chief, explores the viability of SPKI/SDSI by using it to provide access control over the Web. The infrastructure was integrated into the Netscape web client and Apache web server, using a previously developed SPKI/SDSI C Library. This thesis focuses on the server implementation. An SPKI/SDSI Apache module was designed and implemented: its principle functions are to protect web objects using SPKI/SDSI ACLs, and to determine whether HTTP client requests should be permitted to perform particular operations on protected objects. An administrative tool was developed to enable ACLs to be created, and updated, securely. The thesis also describes the algorithm for certificate chain discovery in SPKI/SDSI. Finally, the demonstration developed for Project Geronimo is outlined. The demo was successfully shown to our sponsors and various groups within the Laboratory for Computer Science. | en_US |
| dc.description.statementofresponsibility | by Dwaine E. Clarke. | en_US |
| dc.format.extent | 160 leaves | en_US |
| dc.language.iso | eng | en_US |
| dc.publisher | Massachusetts Institute of Technology | en_US |
| dc.rights | M.I.T. theses are protected by
copyright. They may be viewed from this source for any purpose, but
reproduction or distribution in any format is prohibited without written
permission. See provided URL for inquiries about permission. | en_US |
| dc.rights.uri | http://dspace.mit.edu/handle/1721.1/7582 | en_US |
| dc.subject | Electrical Engineering and Computer Science. | en_US |
| dc.title | SPKI/SDSI HTTP Server / Certificate Chain Discovery in SPKI/SDSI | en_US |
| dc.type | Thesis | en_US |
| dc.description.degree | M.Eng. | en_US |
| dc.contributor.department | Massachusetts Institute of Technology. Department of Electrical Engineering and Computer Science | |
| dc.identifier.oclc | 51333112 | en_US |
