A policy-based methodology for security evaluation: A Security Metric for Public Key Infrastructures

Journal of Computer Security

Volumn 15, Issue 2, 2007, Pages 197-229

  Casola, Valentina ^a   Mazzeo, Antonino ^a   Mazzocca, Nicola ^a   Vittorini, Valeria ^a  

^a UNIVERSITY OF NAPLES FEDERICO II   (Italy)

Author keywords

Certificate policies; Public key infrastructures; Security evaluation; Security metric

Indexed keywords

FORMAL LANGUAGES; REAL TIME SYSTEMS; SECURITY OF DATA; SECURITY SYSTEMS;

CERTIFICATE POLICIES; PUBLIC KEY INFRASTRUCTURES; SECURITY EVALUATION; SECURITY METRIC;

PUBLIC KEY CRYPTOGRAPHY;

EID: 33847411543     PISSN: 0926227X     EISSN: None     Source Type: Journal    
DOI: 10.3233/JCS-2007-15201     Document Type: Article

References (37)

1. Legge 15 marzo 1997 n. 59, Art. 15, comma 2. Delega al Governo per il conferimento di funzioni e compiti alle regioni ed enti locali, per la riforma della Pubblica Amministrazione e per la semplificazione amministrativa (in Italian).
2. D. Bell, Looking back at the Bell-La Padula model, in: Five. 21st Annual Computer Security Applications Conference, 2005.
3. S. Berkovits, S. Chokhani, J.A. Furlong, A. Geiter and J.C. Guild, Public Key Infrastructure Study, Final Report, National Institute of Standards and Technology, Gaithersburg, 1994.
4. M. Bishop, Computer Security, Art and Science, Addison-Wesley, 2003.
5. V. Casola, A. Mazzeo, N. Mazzocca and V. Vittorini, Policy Formalization to combine separate systems into larger connected networks of trust, in: Proceedings of Net-Con'2002 Conference, Paris, 2002.
6. V. Casola, A. Mazzeo, N. Mazzocca and V. Vittorini, Toward automatic policy management in distributed security infrastructures, in the book series: Parallel and Distributed Scientific and Engineering Computing: Practice and Experience, Nova Science Publishers, 2004.
7. Centro Tecnico per la Rete Unitaria, Sezione Sicurezza, Manuale operativo per il servizio di certificazione di chiavi pubbliche per la rete unitaria della pubblica amministrazione, Versione 1.1, 2001 (in Italian).
8. I. Curry, Trusted Public-Key Infrastructures, Version 1.2, Entrust Technologies, www.entrust.com. 2000.
9. N. Damianou, N. Dulay, E. Lupu and M. Sloman, The Ponder policy specification language, in: Proc. of Policy Workshop 2001, M. Sloman, ed., UK, 2001.
10. Decreto del Presidente del Consiglio dei Ministri, 8 febbraio 1999 Regole tecniche per la formazione, la trasmissione, la conservazione, la duplicazione, la riproduzione e la validazione, anche temporale, dei documenti informatici ai sensi dellarticolo 3, comma 1, del Decreto del Presidente della Repubblica, 10 novembre 1997, n. 513 (in Italian).
11. Digital Signature and Confidentiality, Certificate Policies for the Government of Canada Public Key Infrastructure, version 3.02, 1999.
12. EuroPKI, 2000. Certificate Policy VERSION 1.1 (DRAFT 4), OID: 1.3.6.1.4.1. 5255.1.1.1.
13. EuroPKI Project Home page, www.europki.org.
14. W. Ford and M.S. Baum, Secure Electronic Commerce, Prentice Hall Inc., Upper Saddle River, 1997.
15. S. Grill, An approach to formally compare and query certification practice statements, in: Informatik GI Workshop, Berlin, 2000.
16. R. Grimm and T. Hetschold, Security Policies in OSI management: experiences from the DeTe-Berkom Project BMSec, in: Proceedings of the JENC6, 1995.
17. C. Huitema and A. Tarah, Associating metrics to certification paths, in: Computer Security, ESORICS'92, Lecture Notes in Computer Science, Vol. 648, Springer, 1992, pp. 175-189.
18. http://www.verisign.com
19. S. Jajodia, P. Samarati and VS. Subrahmanian, A logical language for expressing authorizations, in: Proc. IEEE Symp. on Research in Security and Privacy, Oakland, CA, 1997, pp. 31-42.
20. L. Kagal, T. Finin and A. Joshi, A policy language for a pervasive computing environment, in: IEEE 4th International Workshop on Policies for Distributed Systems and Networks (Policy 2003), 2003.
21. T. Klobucar and B. Jerman-Blazic, A formalization and evaluation of certificate policies, in: Computer Communication (22), Elsevier Science, 1999, pp. 1104-1110.
22. S.A. Kokolakis and E.A. Kiountouzis, Achieving Interoperability in a multiple-security-policies environment, Computer & Security 19(3) (2000), 267-281.
23. St. Laurent and Cerami, Building XML Applications, McGraw-Hill, 1999.
24. S. Jha, M. Livny, P.D. McDaniel and H. Wang, Security policy reconciliation in distributed computing environments, in: Proceedings of the Fifth IEEE International Workshop on Policies for Distributed Systems and Networks (POLICY04), 2004.
25. U. Maurer, Modelling public-key infrastructure, in: Computer Security, ESORICS 96, Lecture Notes in Computer Science, Vol. 1146, Springer, 1996, pp. 325-350.
26. S. Mendes and C. Huitema, A new approach to the X.509 framework: allowing a global authentication infrastructure without a global trust model, in: Proceedings of the Symposium on Network and Distributed System Security (SNDSS'95), 1995.
27. NIST 2001, Report of Federal Bridge Certification Authority Initiative and Demonstration, 2001.
28. W. Polk and N. Hastings, Bridge Certification Authorities: Connecting B2B Public Key Infrastructures, 2000.
29. M.K. Reiter and S.G. Stubblebine, Authentication Metric Analysis and Design, ACM Transactions on Information and System Security 2(2) (1999), 138-158.
30. RFC 2459, Internet X.509 Public Key Infrastructure Certificate and CRL Profile, 1999.
31. RFC 3647, Internet X.509 Public Key Infrastructure Certificate Policy and Certification Practices Framework, 1999.
32. C. Ribeiro, A. Zuquete, P. Ferreira and P. Guedes, SPL: An access control language for security policies with complex constraints, in: Proceedings of Network and Distributed System Security Symposium (NDSS), San Diego, CA, 2001.
33. R.S. Sandhu, Good-Enough Security: Toward a Pragmatic Business-Driven Discipline, IEEE Internet Computing 7(1) (2003), 66-68.
34. The Grid's Policy Management Authority, http://www.gridpma.org/
35. G. Tallini, Strutture Geometriche, Spazi Topologici e varietà differenziali Parte prima, Printed in Italy, Liguori Editore, Napoli, 1982 (in Italian).
36. Trusted Computer System Evaluation Criteria, Orange Book of Rainbow Series, US Department of Defense.
37. J. Turnbull, Cross-Certification and PKI Policy Networking Version 1.0, Entrust Technologies, www.entrust.com. 2000.