Abstract
This paper develops a language and a reference architecture supporting the management and enforcement of authentication policies. The language directly supports multi-factor authentication and the high-level specification of authentication factors, in terms of conditions against the features of the various authentication mechanisms and modules. In addition, the language supports a rich set of constraints; using these constraints, one can specify, for example, that a subject must be authenticated by two credentials issued by different authorities. The paper presents a logical definition of the language and its corresponding XML encoding. It also reports an implementation of the proposed authentication system in the context of the FreeBSD Unix operating system (OS). Critical issues in the implementation are discussed and performance results are reported. These results show that the implementation is very efficient.
Copyright information
© 2007 Springer-Verlag Berlin Heidelberg
About this paper
Cite this paper
Squicciarini, A.C., Bhargav-Spantzel, A., Bertino, E., Czeksis, A.B. (2007). Auth-SL - A System for the Specification and Enforcement of Quality-Based Authentication Policies. In: Qing, S., Imai, H., Wang, G. (eds) Information and Communications Security. ICICS 2007. Lecture Notes in Computer Science, vol 4861. Springer, Berlin, Heidelberg. https://doi.org/10.1007/978-3-540-77048-0_30
DOI: https://doi.org/10.1007/978-3-540-77048-0_30
Publisher Name: Springer, Berlin, Heidelberg
Print ISBN: 978-3-540-77047-3
Online ISBN: 978-3-540-77048-0
eBook Packages: Computer Science (R0)