Contents

• Abstract
• Acknowledgments
• Abbreviations
• Introduction
  • Contributions
  • The structure of this thesis
• Computer security
  • The security process
  • Security and distributed systems
    • Distribution
      • Security aspects of distribution
  • Building blocks for secure systems
    • Cryptography and confidentiality
    • Authentication and non-repudiation
    • Access control
• A secure object-oriented architecture
  • System framework components
  • Authentication and credentials
  • Access control
  • Protecting network communications
    • GSS-API
    • Security contexts
  • Legacy systems
  • Conclusion
• A role representation framework
  • The concept of role
    • Defining the role concept
  • Representing roles
    • Requirements for a role representation
    • A role description framework
      • The Role Descriptor Object
      • Function description
      • Relations between roles
      • Application data
      • Assignment of users to roles
  • Role-Based Access Control
    • Role definition and administration
    • Assignment of users and privileges
    • Constraints
      • Enforcing constraints
      • Categorizations
    • Role hierarchies
    • Role use
    • Implementing the framework
  • Related work
  • Conclusion
• Implementing RBAC using NFS
  • The Network File System
    • NFS service functions
  • Design for the RBAC NFS server
    • Unix permissions and access modes
    • Permissions and access modes for our design
    • Special cases
    • Presenting file information
    • A syntax for specifying RBAC permissions
  • Implementation
    • Implementing roles
    • Introducing RBAC semantics in the NFS server
  • Results
  • Related work
  • Conclusion
• Some security techniques
  • Cryptography
    • Symmetric key cryptography
    • Asymmetric key cryptography
    • Algorithms
    • Digital signatures
      • Message digests
      • Signatures
      • Applications
    • Key distribution
  • Authentication
    • Computer authentication
    • Issuing authority
    • Credentials
    • Association
    • Validation
    • Conclusion
  • Access control
    • General principles
    • Getting a working system
    • Classification of access control systems
      • ACI usage schemes
      • Access control policies
  • Conclusion
• Survey of secure distributed systems
  • IP level security
  • Secure RPC
  • SSH
  • SSL
    • Record layer
    • SSL internal protocols
  • S-HTTP
  • Kerberos
    • Ticket-granting server
  • CORBA
  • SESAME
• Concluding remarks
  • Future work
    • Frameworks
    • Role-based access control
• References
• About this document ...