Date of Award
5-31-2006
Document Type
Thesis (Undergraduate)
Department or Program
Department of Computer Science
First Advisor
Sean W. Smith
Abstract
Delegation is the process wherein an entity Alice designates an entity Bob to speak on her behalf. In password-based security systems, delegation is easy: Alice gives Bob her password. This is a useful feature, and is used often in the real world. But it's also problematic. When Alice shares her password, she must delegate all her permissions, but she may wish to delegate a limited set. Also, as we move towards PKI-based systems, secret-sharing becomes impractical. This thesis explores one solution to these problems. We use proxy certificates in a non-standard way so that user Alice can delegate a subset of her privileges to user Bob in a secure, decentralized way for web applications. We identify how delegation changes the semantics of access control, then build a system to demonstrate these possibilities in action. An extension on top of Mozilla's Firefox web browser allows a user to create and use proxy certificates for delegation, and a module on top of the Apache web server accepts multiple chains of these certificates. This is done in a modified SSL session that should not break current SSL implementations.
Recommended Citation
Santos, Nicholas J., "Limited Delegation (Without Sharing Secrets) in Web Applications" (2006). Dartmouth College Undergraduate Theses. 48.
https://digitalcommons.dartmouth.edu/senior_theses/48
Comments
Originally posted in the Dartmouth College Computer Science Technical Report Series, number TR2006-574.