Publications
Policy-based cryptographic key management: Experience with the KRP project
Abstract
Policy-based cryptographic key management is a powerful, flexible method of creating, distributing, protecting, and destroying cryptographic keys in accordance with an organizational policy governing information security. The Policy-Controlled Cryptographic Key Release project addressed one part of key management. The goals included: (1) developing a formal language for specifying policies indicating to whom and under what conditions a cryptographic key could be accessed; (2) implementing a prototype system for administering (i.e., enforcing) these policies; and (3) experimenting with automated verification tools which analyzed the policies for consistency and completeness. The requirements for the key release policy language and administering systems are identified; the initial language and system design are described; and the lessons learned from the project are summarized. An example key release …
- Date: January 25, 2000
- Authors: Dennis K Branstad, David M Balenson
- Conference: Proceedings DARPA Information Survivability Conference and Exposition. DISCEX'00
- Volume: 1
- Pages: 103-114
- Publisher: IEEE