Privilege Management Infrastructures (PMI), used in conjunction with PKIs, allow for an effective, efficient and scalable enforcement of access control in complex distributed systems like grids. We propose a PMI-aware extension for the SSH service, in order to obtain a certificate-based system entry service supporting the direct delegation functionality. Our design uses the PAM and NSS frameworks, so that such extension could be easily generalized to encompass any other system entry service. Indeed, as detailed in a previous work, we look at it as a starting point of a fully integrated design, strictly adhering to modern computing security principles, in which distributed security-oriented OSs act as building blocks of grid-like architectures encompassing advanced resource-sharing and collaborative environments.
A PMI-aware extension for the SSH service
Schmid Giovanni
2008
Abstract
Privilege Management Infrastructures (PMI), used in conjunction with PKIs, allow for an effective, efficient and scalable enforcement of access control in complex distributed systems like grids. We propose a PMI-aware extension for the SSH service, in order to obtain a certificate-based system entry service supporting the direct delegation functionality. Our design uses the PAM and NSS frameworks, so that such extension could be easily generalized to encompass any other system entry service. Indeed, as detailed in a previous work, we look at it as a starting point of a fully integrated design, strictly adhering to modern computing security principles, in which distributed security-oriented OSs act as building blocks of grid-like architectures encompassing advanced resource-sharing and collaborative environments.I documenti in IRIS sono protetti da copyright e tutti i diritti sono riservati, salvo diversa indicazione.
