Agent-Based One-Shot Authorisation Scheme in a Commercial Extranet Environment by Wai Ki Richard Au Bachelor of Science (Honours) (HKU) - 1980 Graduate Diploma of Information Technology (QUT) - 1998 Thesis submitted in accordance with the regulations for Degree of Doctor of Philosophy Information Security Institute Faculty of Information Technology Queensland University of Technology August 2005 ii QUEENSLAND UNIVERSITY OF TECHNOLOGY DOCTOR OF PHILOSOPHY THESIS EXAMINATION CANDIDATE NAME Wai Ki Richard Au RESEARCH CONCENTRATION Information Security Institute PRINCIPAL SUPERVISOR Associate Professor Mark Looi ASSOCIATE SUPERVISOR(S) Dr Paul Ashley Professor William J Caelli THESIS TITLE Agent-based One-Shot Authorisation Scheme in a Commercial Extranet Environment Under the requirements of PhD regulation 9.2, the above candidate was examined orally by the Faculty The members of the panel set up for this examination recommend that the thesis be accepted by the University and forwarded to the appointed Committee for examination Name Signature Panel Chairperson (Principal Supervisor) Name Signature Panel Member Name Signature Panel Member Under the requirements of PhD regulation 9.15, it is hereby certified that the thesis of the above-named candidate has been examined I recommend on behalf of the Thesis Examination Committee that the thesis be accepted in fulfilment of the conditions for the award of the degree of Doctor of Philosophy Name Signature Date Chair of Examiners (Thesis Examination Committee) iii iv Keywords Distributed authorisation, extranet, Intranet, smart card, personal secure device, authentication, security architecture, security server, trust establishment, trust token, credential-based authorisation, one-shot authorisation token, one-task authorisation key, anonymous attribute certificate, key binding certificate, anonymous authorisation, referee server, privilege negotiation agent, authorisation agent, secure client agent environment v vi Abstract The enormous growth of the Internet and the World Wide Web has provided the opportunity for an enterprise to extend its boundaries in the global business environment While commercial functions can be shared among a variety of strategic allies - including business partners and customers, extranets appear to be the cost-effective solution to providing global connectivity for different user groups Because extranets allow third-party users into corporate networks, they need to be extremely secure and external access needs to be highly controllable Access control and authorisation mechanisms must be in place to regulate user access to information/resources in a manner that is consistent with the current set of policies and practices both at intra-organisational and cross-organisational levels In the business-to-customer (B2C) e-commerce setting, a service provider faces a wide spectrum of new customers, who may not have pre-existing relationships established Thus the authorisation problem is particularly complex In this thesis, a new authorisation scheme is proposed to facilitate the service provider to establish trust with potential customers, grant access privileges to legitimate users and enforce access control in a diversified commercial environment Four modules with a number of innovative components and mechanisms suitable for distributed authorisation on extranets are developed: • One-shot Authorisation Module - One-shot authorisation token is designed as a flexible and secure credential for access control enforcement in client/server systems; • Token-Based Trust Establishment Module - Trust token is proposed for server-centric trust establishment in virtual enterprise environment vii • User-Centric Anonymous Authorisation Module - One-task authorisation key and anonymous attribute certificate are developed for anonymous authorisation in a multi-organisational setting; • Agent-Based Privilege Negotiation Module - Privilege negotiation agents are proposed to provide dynamic authorisation services with secure client agent environment for hosting these agents on user’s platform viii Contents Certificate Recommending Acceptance iii Keywords v Abstract vii Contents ix List of Figures xvii List of Tables xix Declaration xxi Related Publications xxiii Acknowledgements xxvii Introduction 1.1 Overview 1.2 Research Approaches and Scopes 1.2.1 Infrastructure of Domain-based Servers 1.2.2 User-Centric Authorisation 1.2.3 Credential-based Access Control 1.2.4 Mobile Agent for Authorisation Services Thesis Outline 1.3 ix Background 2.1 Introduction 2.2 Access Control 10 2.3 2.2.1 Access Control Models 11 2.2.2 Implementations of Access Control 12 Authentication and Authorisation 13 2.3.1 2.4 Authorisation Mechanisms 14 Security Architectures 15 2.4.1 Kerberos V5 15 2.4.2 Distributed Computing Environment (DCE) 17 2.4.3 SESAME (Secure European System for Applications in a Multi-vendor Environment) 18 2.5 2.6 2.7 2.4.4 Policymaker and Keynote 20 2.4.5 Shibboleth 20 2.4.6 OASIS 20 2.4.7 Liberty Alliance 21 2.4.8 Anonymous Credential Systems 21 Security Standards 22 2.5.1 SAML and XACML 22 2.5.2 Privilege Certificates 23 Personal Secure Devices 25 2.6.1 Smart Card 26 2.6.2 iButtonT M 28 Code Mobility and Mobile Agent 28 2.7.1 Protection of Mobile Agent 30 2.7.2 Chapter Summary 31 Requirements and Framework 3.1 33 Overview of Requirements on Commercial Extranets 33 3.1.1 Requirements on Access Control and Security Mechanisms 3.1.2 Requirements on Network Architecture and Topologies 37 x 34 230 Appendix E Source Codes Bibliography [1] A Abdul-Rahman and S Halle A Distributed Trust Model In Proceedings of New Security Paradigms Workshop, 1997 [2] A Acharya, M Ranganathan, and J Salz Sumatra: A Language for Resource-aware Mobile Programs In Mobile Object Systems: Towards the Programmable Internet, LNCS 1222, pages 111–130, 1997 [3] American Bankers Association Accredited Standards committee X9 Enhanced Management Controls Using Digital Signatures and Attribute Certificates ANSI X9.45 1997 [4] American Bankers Association Accredited Standards committee X9 Public Key Cryptography for the Financial Services Industry: Certificate Management ANSI X9.57 1999 [5] P Ashley, S Hada, and G Karjoth E-P3P Privacy Policies and Privacy Authorisation In Proceedings of ACM Workshop on Privacy in Electronic Society, pages 103–109, 2002 [6] P Ashley and M Vandenwauver Practical Intranet Security : An Overview of the State of the Art and Available Technologies Kluwer Academic Publishers, 1999 [7] P Ashley, M Vandenwauver, and B Broom A Uniform Approach to Securing Unix Applications Using SESAME In Proceedings of the Third Australasian Conference on Information Security and Privacy, volume 1438, pages 24–35, 1998 231 BIBLIOGRAPHY 232 [8] T Aura and C Ellison Privacy and Accountability in Certificate Systems In Helsinki University of Technology Laboratory for Theoretical Computer Science Research Report 61, 2000 [9] D Bayles Extranets - Building the Business to Business Web Prentice Hall PTR, 1998 [10] V Benjumea, J Lopez, J Montenegro, and J Troya A First Approach to Provide Anonymity in Attribute Certificates In Proceedings of PKC 2004, LNCS 2947, pages 402–415, 2004 [11] E Bertino, E Ferrari, and V Atluri The Specification and Enforcement of Authorization Constraints in Workflow Management Systems In ACM Transactions on Information and System Security, volume 2, 1999 [12] T Beth, M Borcherding, and B Klein Networks Valuation of Trust in Open In Proceedings of the European Symposium on Research in Computer Security (ESORICS), pages 3–18 Springer Verlag, 1994 [13] M Blaze, J Feigenbaum, J Ioannidis, and A.D Keromytis The Role of Trust Management in Distributed Systems Security In Secure Internet Programming: Security Issues for Mobile and Distributed Objects, LNCS 1603, pages 185–210 Springer Verlag, 1999 [14] M Blaze, J Feigenbaum, and A Keromytis KeyNote: Trust Management for Public-Key Infrastructures In Proceedings of Cambridge 1998 Security Protocols International Workshop, 1998 [15] M Blaze, J Feigenbaum, and J Lacy Decentralized Trust Management In Proceedings of the IEEE Symposium on Security and Privacy, pages 164–173, 1996 [16] S Brands Rethinking Public Key Infrastructure and Digital Certificates; Building in Privacy In Ph.D Thesis, Eindhoven Institute of Technology, The Netherlands, 1999 BIBLIOGRAPHY [17] S Brands 233 A Technical Overview of Digital Credentials In URL: citeseer.nj.nec.com/brands02technical.html, 2002 [18] E Brickell, P Gemmel, and D Kravitz Trustee-based Tracing Extensions to Anonymous Cash and the Making of Anonymous Change In Proceedings of ACM-SIAMs, pages 457–466 ACM Press, 1995 [19] G.D Brown System/360 Job Control Language, 1977 [20] W Caelli, D Longley, and M Shain Information Security Handbook London : Macmillan, 1994 [21] J Camenisch and A Lysyanskaya An Efficient System for Non-transferable Anonymous Credentials with Optional Anonymity Revocation In Advances in Cryptology - EUROCRYPT 2001: Second Symposium, PADO 2001, pages 93–118 Springer-Verlag, 2001 Volume 2045 of Lecture Notes in Computer Science [22] J Camenisch and M Stadler Efficient Group Signature Schemes for Large Groups In Proceedings of CRYPTO’97, LNCS 1296, pages 410–424 Springer-Verlag, 1997 [23] L Cardelli Abstractions for Mobile Computation In Secure Internet Programming: Security Issues for Mobile and Distributed Objects, LNCS 1603, pages 51–79 Springer Verlag, 1999 [24] G Caronni, H Lubich, A Aziz, T Markson, and R Skrenta SKIP - Workshop Securing on the Enabling Internet Technologies, In Proceedings WETICE’96, of the IEEE 5th Press, http://www.olymp.org/ caronni/work/papers/wetice-skip-final.pdf, 1996 [25] A Carzaniga, G Picco, and G Vigna Designing Distributed Applications With Mobile Code Paradigms In Proceedings of the 19th International Conference on Software Engineering (ICSE’97), pages 22–32, 1997 BIBLIOGRAPHY 234 [26] D Chaum Untraceable Electronic Mail, Return addresses and digital Pseudonyms In Communications of the ACM, volume 24, pages 84–88, 1981 [27] D Chaum Blind Signatures for Untraceable Payments In Advances in Cryptology - Crypto’82, pages 199–203, 1983 [28] D Chaum Security Without Identification: Transaction Systems to Make Big Brother Obsolete In Communications of the ACM, volume 28, pages 1030–1044, 1985 [29] D Chaum and J Evertse A Secure and Privacy-protecting Protocol for Transmitting Personal Information between Organizations In Advances in Cryptology - Crypto’86, LNCS 263, pages 118–167 Springer-Verlag, 1986 [30] D Chaum and E Heyst Group Signature In Proceedings of EUROCRYPTO’91, LNCS 547, pages 257–265 Springer-Verlag, 1991 [31] L Chen Access with Pseudonyms In Cryptography: Policy and Algorithms,LNCS 1642, pages 232–243 Springer-Verlag, 1995 [32] D Chess Security Issues in Mobile Code Systems In Mobile Agent Security, LNCS 1419, Springer, pages 1–14, 1998 [33] T Chia and S Kannapan Strategically Mobile Agents In Proceedings of the 1st International Conference on Mobile Agents (MA’97) LNCS 1219, Springer, pages 149–154, 1997 [34] R Clarke Identified, Anonymous and Pseudonymous Transactions: The Spectrum of Choice In Proceedings of User Identification & Privacy Protection Conference, 1999 [35] G Cugola, C Ghezzi, G Picco, and G Vigna Analyzing Mobile Code Languages In Mobile Object Systems: Towards the Programmable Internet, LNCS 1222, pages 93–111, 1997 BIBLIOGRAPHY 235 [36] Dallas Semiconductor Corporation DS1954 Technical Information - Cryptographic iButton In URL: http://www.iButton.com, 1995 [37] Dallas Semiconductor Corporation FIPS 140-1 Non-Proprietary Cryptographic Module Security Policy (Level Validation) In URL: http://www.iButton.com/software/crypto/fips140-1l3.pdf, 2000 [38] I Damgard Payment Systems and Credential Mechanism with Provable Security Against Abuse by Individuals In Advances in Cryptology - Crypto’88, LNCS 403, pages 328–335 Springer-Verlag, 1988 [39] D Denning A New Paradigm for Trusted systems In Proceedings of 1992-93 ACM SIGSAC New Security Paradigms Workshop, 1993 [40] J.B Dennis and E.C Van Horn Multiprogrammed Computations Programming Semanticvs for Communications of the ACM, 9(3):143–155, 1966 [41] Department of Defense (US government) Trusted Computer System Evaluation Criteria, DOD 5200.28-STD Department of Defence, 1985 [42] C Ellison Improvements on Conventional PKI Wisdom In Proceedings of the First Annual PKI Research Workshop, pages 165–175, 2003 [43] C Ellison, B Frantz, B Lampson, R Rivest, B Thomas, and T Ylonen SPKI Certificate Theory In RFC 2693, Internet Engineering Task Force, 1999 [44] M Erdos and S Cantor Shibboleth Architecture DRAFT v05 URL: http://shibboleth.internet2.edu/docs/draft-internet2-shibboleth-arch-v05.pdf [45] D Essin Patterns of Trust and Policy In Proceedings of 1997 New Security Paradigms Workshop, 1997 [46] C Farkas, G Ziegler, A Meretei, and A Lorincz Anonymity and Accountability in Self-organising Electronic Communities In Proceedings of ACM Workshop on Privacy in Electronic Society, pages 81–90, 2002 BIBLIOGRAPHY 236 [47] W.M Farmer, J.D Guttman, and V Swarup Security for Mobile agents: Authentication and state appraisal In European Symposium on Research in Computer Security, LNCS 1146, Springer, pages 118–130, 1996 [48] S Farrell and R Housley An Internet Attribute Certificate for Authorisation In RFC 3281, Internet Engineering Task Force, 2002 [49] B Friedman, P.H Khan, and D.C Howe Trust Online In Communications of the ACM, volume 43, pages 34–40, 2000 [50] GEMPLUS GemXpresso Range for Banking and Retail In URL: http://www.gemplus.com/products/ [51] S Goldwasser and S Micali Probabilistic Encryption Journal of Computer and System Sciences, 28:270–299, 1984 [52] S Goldwasser, S Micali, and R.L Rivest A Digital Signature Scheme Secure Against Adaptive Chosen-Message Attacks SIAM Journal on Computing, 17(2):281 – 308, 1988 [53] L Gong Java Platform Security Architecture In URL: http://java.sun.com/j2se/1.4/docs/guide/security/spec/security-spec.doc.html, 2002 [54] G.S Graham and P.J Denning Protection – principles and practice In Proceedings of Spring Jt Computer Conference, 40, pages 417–429, 1972 [55] R.S Gray D’ Agents: Security in a Multiple-Language, Mobile Agent Systems In Mobile Agent and Security, LNCS 1419, pages 154–187, 1998 [56] W Harold and Jr Lockhart OSF DCE - Guide to Developing Distributed Applications McGraw-Hill, 1994 [57] D Hartman Unclogging Distributed Computing In IEEE Spectrum, volume 29, pages 36–39, 1992 [58] V Hassler Security Fundamentals for e-Commerce Artech House, 2000 BIBLIOGRAPHY 237 [59] R Hayton and K Moody An Open Architecture for Secure Interworking Services In Proceedings of the 7th workshop on ACM SIGOPS European workshop: Systems support for worldwide applications, pages 233–240 ACM, 1996 [60] A Herzberg, J Mihaeli, Y Mass, D Naor, and Y Ravid Access Control Meets Public Key Infrastructure, Or: Assigning Roles to Strangers In Proceedings of IEEE Symposium on Security and Privacy, 2000 [61] D.L Hoffman, T.P Novak, and T Peralta Building Consumer Trust Online In Communications of the ACM, volume 42, pages 80–85, 1999 [62] F Hohl A Model of Attacks of Malicious Hosts Against Mobile Agents In Proceedings of the ECOOP Workshop on Distributed Object Security and 4th Workshop on Mobile Object Systems, INRIA, France, Secure Internet Mobile Computations, pages 105–120, 1998 [63] F Hohl Time Limited Blackbox Security: Protecting Mobile Agents From Malicious Hosts In Mobile Agents and Security, LNCS 1419, pages 92–113, 1998 [64] Adobe System Inc Postscript Language Reference Manual, 1985 [65] International Organisation for Standardisation In International Standard ISO/IEC 7816: Integrated Circuit(s) Cards with Contacts [66] International Standardization Telecommunication Sector Union - X.509v3 Telecommunication In URL: http://www.mcg.org.br/mirrors/97x509final.doc [67] International Telecommunication Standardization Sector Union - Telecommunication ITU-T Recommendation X.800 - ISO 7498-2: Information Processing Systems - Open Systems Interconnection - Basic Reference Model Part 2: Security Architecture International Organisation for Standardisation, 1989 BIBLIOGRAPHY 238 [68] International Telecommunication Standardization Sector Union - Telecommunication ITU-T Recommendation X.812 ISO 10181-3: Information Technology - Open Systems Interconnection - Security Frameworks for Open Systems : Access Control Framework International Organisation for Standardisation, 1996 [69] International Telecommunication Union - Telecommunication Standardization Sector ITU-T Recommendation X.509 In Information technology - Open systems interconnection - the directory: Authentication frameworks, 1997 [70] International Telecommunication Union - Telecommunication Standardization Sector ITU-T Recommendation X.509 In Information technology - Open systems interconnection - the directory: Public-key and attribute certificate frameworks, 2000 [71] Y L Jacob and K O John A Safe Tcl Toolkit for Electronic Meeting Places In Proceedings of the 1st USENIX Workshop on Electronic Commerce, pages 133–135, 1995 [72] W Johnson, S Mudumbal, and M Thompson Authorisation and Attribute Certificates for Widely Distributed Access Control In Proceedings of IEEE International Workshop on Enabling Technologies: Infrastructure for Collaborative Enterprises, 1998 [73] B Jonathan, K David, and R Daniela Market-based Resource Control for Mobile Agents In Proceedings of the 2nd International Conference on Autonomous Agents, ACM Press, pages 197–204, 1998 [74] P Kaijser A Review of SESAME Development In Proceedings of the Third Australasian Conference on Information Security and Privacy, volume 1438, pages 1–8, 1998 BIBLIOGRAPHY 239 [75] P Kaijser, T Parker, and D K Pinkas SESAME : The Solution To Security for Open Distributed Systems In Computer Communications, volume 17, 1994 [76] R.Y Kain and C.E Landwehr On Access Checking in Capability-Based Systems IEEE Transactions on Software Engineering, 13(2), 1987 [77] I Kao and R Chow An Extended Capability Architecture To Enforce Dynamic Access Control Policies In Proceedings of IEEE Computer Security Applications Conference, pages 148–157 IEEE, 1996 [78] G Karjoth, M Schunter, and M Waidner Platform for Enterprise Privacy Practices - Privacy-enabled Management of Customer Data In Proceedings of the Privacy Enhancing Technologies Conference, volume LNCS 2482, pages 69–84, 2003 [79] Kerberos MIT’s Kerberos Home Page In URL: http://web.mit.edu/kerberos/www/index.html [80] J Kilian and E Petrank Identity Escrow In Proceedings of CRYPTO’98, LNCS 1642, pages 169–185 Springer-Verlag, 1998 [81] J Kohl and C Neuman The Kerberos Network Authentication Service V5 In RFC1510, 1993 [82] R Kohlas and U Maurer Confidence Valuation in a Public Key Infrastructure based on Uncertain Evidence In Proceedings of Public Key Cryptography, LNCS 1751, 2000 [83] Y Labrou and T Finin Semantics and Conversations for an Agent Communication Language In Proceedings of the Fifteenth International Joint Conference on Artifical Intelligence (IJCAI-97), pages 584–591, 1997 [84] B Lampson Protection In ACM Operating Systems Review, volume 18, pages 18–24, 1974 BIBLIOGRAPHY 240 [85] B.W Lampson Protection In Proceedings of 5th Princeton Conference on Information Sciences and Systems, pages 437–443, 1971 [86] D Lange and M Oshima Seven good reasons for mobile agents In Communications of the ACM, volume 42, pages 88–89, 1999 [87] S.J Leffler, M.K McKusik, M.J Karels, and J.S Quarterman The Design and Implementation of the 4.3BSD UNIX Operating System, 1989 [88] Liberty Liberty Alliance Project Architecture Liberty Overview, Version Alliance 1.2 Project: URL: http://www.project-liberty.org/specs/liberty-idff-arch-overview-v1.2.pdf [89] A Lysyanskaya, R Rivest, A Sahai, and S Wolf The notion of Security for Probabilistic Cryptosystems In SIAM Journal on Computing, volume 17, pages 412–426, 1988 [90] J Mayeld, Y Labrou, and T Finin Evaluating KQML As An Agent Communication Language In Intelligent Agents II, LNCS 1039, Springer, pages 347–360, 1996 [91] C Meadows Open Issues in Formal Methods for Cryptographic Protocol Analysis In DARPA Information Survivability Conference and Exposition, volume 2052, pages 237–250 IEEE Computer Society Press, 2000 [92] Microsoft Corporation Microsoft NET Passport Review Guide URL: http://www.microsoft.com/net/services/passport/ review guide.asp [93] Microsoft Corporation Windows Server Systems URL: http://www.microsoft.com/windowsserver2003/technologies/default.mspx [94] G Necula and P Lee Safe, Untrusted Agents using proof-Carrying Code In Mobile Agents and Security, LNCS 1419, pages 92–113, 1998 BIBLIOGRAPHY 241 [95] R Needham and M Schroeder Using Encryption for Authentication in Large Networks of Computers In Communications of the ACM, volume 21, pages 993–999, 1978 [96] B Neuman and T Ts’o Kerberos: An Authentication Service for Computer Networks In IEEE Communication, volume 32, pages 33–38, 1994 [97] R Oppliger Security Issues related to mobile code and agent-based systems In Computer Communications, volume 22, pages 1165–1170, 1999 [98] Organisation for the Advancement Structured Information Sciences XACML 1.0 Specification URL: http://www.oasis-open.org/committees/ download.php/2406/oasis-xacml-1.0.pdf, 2003 [99] Organisation Sciences for the Advancement Structured Information Assertions and Protocol for OASIS Security Assertion Markup Language (SAML): Committee Specification 01 URL: http://www.oasis-open.org/committees/security/docs/cs-sstc-core-01.pdf, 2004 [100] Organisation for the Advancement Structured Information Sciences OASIS Standards URL: http://www.oasis-open.org/specs/index.php, 2004 [101] A Pfitzmann and M Kohntopp Anonymity, Unobservability and Pseudonymity - A proposal for Terminology In Proceedings of the workshop on Design issues in anonymity and unobservability, LNCS 2009, Springer-Verlag, 2000 [102] PGP Corporation Pretty Good Privacy, PGP In URL: http://www.pgp.com [103] J Posegga and H Vogt Byte Code Verification for Java Smart Cards Based on Model Checking In Proceedings of 5th European Symposium on Research in Computer Security - ESORICS’ 98, 1998 BIBLIOGRAPHY 242 [104] M.G Reed, P F Syverson, and D Goldschlag Anonymous Connections and Onion Routing In IEEE Journal on Selected Areas in Communications, volume 16, pages 482–494, 1998 [105] M.K Reiter and A.D Rubin Crowds: Anonymity for Web Transactions In ACM Transactions on Information and System Security, volume 1, pages 66–92, 1998 [106] M.K Reiter and S.G Stubblebine Authentication Metric Analysis and Design In ACM Transactions on Information and System Security, volume 2, pages 138–158, 1999 [107] R Rivest and B Lampson SDSI - A Simple Distributed Security Infrastructure 1996 [108] W Rosenberry, D Kenney D., and G Fisher Understanding DCE O’Reilly and Associates, Inc., 1992 [109] T Sander and C Tschudin Towards Mobile Cryptography In International Computer Security Institute (ICSI) Technical Report 97-049, 1997 [110] R Sandhu Access Control: The Neglected Frontier In Proceedings of the 1st Australian Conference on Information Security and Privacy, pages 24–35, 1996 [111] R Sandhu Role Activation Hierarchies In Proceedings of Third ACM Workshop on Role-Based Access Control, pages 33–40, 1998 [112] R Sandhu, E Coyne, H Feinstein, and C Youman Role-Based Access Control Models In IEEE Computer, pages 38–47, 1996 [113] Schlumberger Cyberflex Access Programmer’s Guide http://www.cyberflex.com/Support/CyberflexPG.pdf [114] B Schneier Applied Cryptography John Wiley and Sons, Inc., 1996 In BIBLIOGRAPHY 243 [115] H Shogase The Very Smart Card : A Plastic Pocket Bank In IEEE Spectrum, volume 25, pages 35–39, 1997 [116] A Spesivtsev, V Wegner, A Krytjakov, and V Sergin Smart Card, Computer Security, Access Control, Cryptology In Proceedings of IEEE 93 International Carnahan Conference on Security Technology, pages 157–158, 1993 [117] Sun Microsystems Inc Java Card Applet Developer Guide In URL: http://java.sun.com/products/javacard/, 1998 [118] G Vigna Cryptographic Traces for Mobile Agents In Mobile Agents and Security, Springer-Verlag, LNCS 1419, pages 137–153, 1998 [119] S Vimercati and P Samarati Authorization Specification and Enforcement in Federated Database Systems Journal of Computer Security, 5(2):155–188, 1997 [120] D Kenney W Rosenberry and G Fisher Understanding DCE O’Reilly and Associates, Inc, 1992 [121] H Wedde and M Lischka Modular Authorisation In Proceedings of the sixth ACM symposium on Access Control models and Technologies, pages 97–105, 2001 [122] J.E White Telescript Technology: The Foundation for the Electronic Marketplace In White Paper by General Magic Inc, Sunnyvale CA, USA, 1994 [123] U G Wilhelm A technical Approach to Privacy based on Mobile Agents Protected by Tamper-resistant Hardware Ph.D Thesis, Swiss Federal Institute of Technology, 1999 [124] M Wooldridge and N.J Jennings Intelligent agents: Theory and practice In Knowledge Engineering Review, volume 10, pages 115–152, 1995 BIBLIOGRAPHY 244 [125] World Wide Web Consortium Platform for Privacy Preferences In URL: www.w3.org/P3P [126] A Young and M Yung Sliding Encryption: A Cryptographic Tool for Mobile Agents In Fast Software Encryption: 4th International Workshop, LNCS 1267, Springer-Verlag, 1997 [127] H Zandbelt, B Hulsebosch, and H Eertink IDSec: Virtual Identity on the Internet In Internet Engineering Task Force, Internet Draft, URL: http://idsec.sourceforge.net/draft-zandbelt-idsec-01.txt, 2002 ... application-specific and involve many local parameters within different administrative domains, such as security policies and certain environmental variables Facing the authorisation problem for commercial extranets,... Springer-Verlag, pages 18–29, Brisbane, Australia, 20 – 21 August 2000 (Material is included in Chapter 4) [3] Richard Au, Mark Looi, Paul Ashley Cross Domain One- Shot Authorisation using Smart... 2005 (Material is included in Chapter 6) Non-Academically Refereed Conference Papers [11] Richard Au, Mark Looi, Paul Ashley Using Java Card as Authorisation Device in Multi-Application Environment