Intrusion-tolerant fine-grained authorization for Internet applications

This paper presents the architecture of an authorization service proposed for composite operations involving many Internet partners. The main contributions of this paper are: (1) a scheme for access control systematically applied at the fine-grained level of each elementary operation, (2) a novel proof of authorization concept and flexible authorization delegation technique, and (3) the design and proof-of-concept implementation of an intrusion-tolerant prototype of the authorization architecture. The architecture is based on two component types: an authorization server and a set of reference monitors. The authorization server is in charge of distributing proofs of authorization for composite operations in the system. On each site involved in the execution of the composite operation, a local reference monitor is in charge of checking the validity of the proofs of authorization used for each elementary operation. The paper presents the overall design of the authorization service. It also includes a brief description of the prototype that was developed as well as performance measures.