Đang chuẩn bị liên kết để tải về tài liệu:
Cryptographic Security Architecture: Design and Verification phần 4
Đang chuẩn bị nút TẢI XUỐNG, xin hãy chờ
Tải xuống
Các chương trước giới thiệu khái niệm của đối tượng phụ thuộc, trong đó một đối tượng ví dụ như một mã hóa khóa công khai đối tượng hành động, bị trói khác, trong trường hợp này, giấy chứng nhận. Giấy chứng nhận này thường được quy định cụ thể, trong số những thứ khác, hạn chế về cách thức mà các khóa có thể được sử dụng, | 76 2 The Security Architecture ACTION_PERM_NOTAVAIL Initial state -- ACTION_PERM_ALL ị ACTION_PERM_NONE_EXTERNAL I ACTION PERMNONE Figure 2.15. State machine for object action permissions. The finite state machine in Figure 2.15 indicates the transitions that are allowed by the cryptlib kernel. Upon object creation the ACLs may be set to any level but after this the kernel-enforced -property applies and the ACL can only be set to a more restrictive setting. 2.6.1 Permission Inheritance The previous chapter introduced the concept of dependent objects in which one object for example a public-key encryption action object was tied to another in this case a certificate. The certificate usually specifies among various other things constraints on the manner in which the key can be used for example it might only allow use for encryption or for signing or key agreement. In a conventional implementation an explicit check for which types of usage are allowed by the certificate needs to be made before each use of the key. If the programmer forgets to make the check gets it wrong or never even considers the necessity of such a check there are implementations that do all of these the certificate is useless because it doesn t provide any guarantees about the manner in which the key is used. The fact that cryptlib provides ACLs for all messages sent to objects means that we can remove the need for programmers to explicitly check whether the requested access or usage might be constrained in some way since the kernel can perform the check automatically as part of its reference monitor functionality. In order to do this we need to modify the ACL for an object when another object is associated with it a process that is again performed by the kernel. This is done by having the kernel check which way the certificate constrains the use of the action object and adjust the object s access ACL as appropriate. For example if the certificate responded to a query of its signature capabilities