USENIX Technical Program - Abstract - Security Symposium 99
The Design of a Cryptographic Security Architecture
Peter Gutmann, University of Auckland, Auckland, New Zealand
Traditional security toolkits have concentrated mostly on defining a
programming interface (API) and left the internals up to individual
implementors. This paper presents a design for a portable, flexible security
architecture based on traditional computer security models involving a security
kernel which controls access to security-relevant objects and attributes based
on a configurable security policy. Layered on top of the kernel are various
objects which abstract core functionality such as encryption and digital
signature capabilities, certificate management, and secure sessions and data
enveloping (email encryption) in a manner which allows them to be easily moved
into cryptographic devices such as smart cards and crypto accelerators for
extra performance or security. The versatility of the design has been proven
through its use in implementations ranging from from 16-bit microcontrollers
through to supercomputers, as well as a number of unusual areas such as
security modules in ATM's.
- View the full text of this paper in
HTML form and PDF form.
- If you need the latest Adobe Acrobat Reader, you can download it from Adobe's site.
- To become a USENIX Member, please see our Membership Information.