Show simple item record

AuthorHeinl, Michael P.dc.contributor.author
AuthorGiehl, Alexanderdc.contributor.author
AuthorWiedermann, Norbertdc.contributor.author
AuthorPlaga, Svendc.contributor.author
AuthorKargl, Frankdc.contributor.author
Date of accession2020-01-30T10:53:26Zdc.date.accessioned
Available in OPARU since2020-01-30T10:53:26Zdc.date.available
Date of first publication2019-11-11dc.date.issued
AbstractPublic key infrastructures (PKIs) build the foundation for secure communication of a vast majority of cloud services. In the recent past, there has been a series of security incidents leading to increasing concern regarding the trust model currently employed by PKIs. One of the key criticisms is the architecture's implicit assumption that certificate authorities (CAs) are trustworthy a priori. This work proposes a holistic metric to compensate this assumption by a differentiating assessment of a CA's individual trustworthiness based on objective criteria. The metric utilizes a wide range of technical and non-technical factors derived from existing policies, technical guidelines, and research. It consists of self-contained submetrics allowing the simple extension of the existing set of criteria. The focus is thereby on aspects which can be assessed by employing practically applicable methods of independent data collection. The metric is meant to help organizations, individuals, and service providers deciding which CAs to trust or distrust. For this, the modularized submetrics are clustered into coherent submetric groups covering a CA's different properties and responsibilities. By applying individually chosen weightings to these submetric groups, the metric's outcomes can be adapted to tailored protection requirements according to an exemplifying attacker model.dc.description.abstract
Languageendc.language.iso
PublisherUniversität Ulmdc.publisher
LicenseStandard (ohne Print-on-Demand)dc.rights
Link to license texthttps://oparu.uni-ulm.de/xmlui/license_opod_v1dc.rights.uri
Dewey Decimal GroupDDC 000 / Computer science, information & general worksdc.subject.ddc
Dewey Decimal GroupDDC 004 / Data processing & computer sciencedc.subject.ddc
LCSHMetric systemdc.subject.lcsh
LCSHCertificationdc.subject.lcsh
LCSHComputer securitydc.subject.lcsh
LCSHReliabilitydc.subject.lcsh
LCSHEspionagedc.subject.lcsh
LCSHBusiness intelligencedc.subject.lcsh
LCSHMonitoringdc.subject.lcsh
TitleMERCAT: A metric for the evaluation and reconsideration of certificate authority trustworthinessdc.title
Resource typeBeitrag zu einer Konferenzdc.type
VersionacceptedVersiondc.description.version
DOIhttp://dx.doi.org/10.18725/OPARU-24760dc.identifier.doi
URNhttp://nbn-resolving.de/urn:nbn:de:bsz:289-oparu-24823-5dc.identifier.urn
GNDMetrikdc.subject.gnd
GNDZertifizierungsstelledc.subject.gnd
GNDDigitales Zertifikatdc.subject.gnd
GNDComputersicherheitdc.subject.gnd
GNDVertrauenswürdigkeitdc.subject.gnd
GNDSpionagedc.subject.gnd
GNDWirtschaftsspionagedc.subject.gnd
GNDÜberwachungdc.subject.gnd
FacultyFakultät für Ingenieurwissenschaften, Informatik und Psychologieuulm.affiliationGeneral
InstitutionInstitut für Verteilte Systemeuulm.affiliationSpecific
Peer reviewjauulm.peerReview
DCMI TypeTextuulm.typeDCMI
CategoryPublikationenuulm.category
In cooperation withFraunhofer Institut für Angewandte und Integrierte Sicherheit AISECuulm.cooperation
Is Supplement Tohttp://dx.doi.org/10.18725/OPARU-12173uulm.relation.isSupplementTo
DOI of original publication10.1145/3338466.3358917dc.relation1.doi
Source - Title of sourceCCSW'19: Proceedings of the 2019 ACM SIGSAC Conference on Cloud Computing Security Workshopsource.title
Quellenangabe - HerausgeberAssociation for Computing Machinery (ACM)source.contributor.editor1
Source - PublisherNew York, NY, USAsource.publisherPlace
Source - Place of publicationAssociation for Computing Machinery (ACM)source.publisher
Source - Volume2019source.volume
Source - Year2019source.year
Source - ISBN978-1-4503-6826-1source.identifier.isbn
Conference name10th ACM Cloud Computing Security Workshop (CCSW'19)uulm.conferenceName
Conference placeLondon, United Kingdomuulm.conferencePlace
Conference start date2019-11-11uulm.conferenceStartDate
Conference end date2019-11-11uulm.conferenceEndDate
Open AccessGreen Publisheduulm.OA
WoS000557325500001uulm.identifier.wos
University Bibliographyjauulm.unibibliographie


Files in this item

Thumbnail

This item appears in the following Collection(s)

Show simple item record