15th Annual Computer Security Applications Conference
December 6-10, 1999
Phoenix, Arizona

Trustworthy Access Control with Untrustworthy Web Servers

Tim Wilkinson, t.wilkinson@eris.dera.gov.uk
Dave Hearn, d.hearn@eris.dera.gov.uk
Simon Wiseman, s.wiseman@eris.dera.gov.uk

Defence Evaluation and Research Agency
Malvern, UK

If sensitive information is to be included in a shared web, access controls will be required. However, the complex software needed to provide a web service is prone to failure. To provide access control without relying on such software, encryption can be used. Bob is a prototype system that supports complex access control expressions through the transparent use of encryption.