Specification and Realization of Access Control in SPKI/SDSI

  • Conference paper
Information Systems Security (ICISS 2006)

Part of the book series: Lecture Notes in Computer Science (LNSC, volume 4332)

Abstract

SACL is an access control language based on the SPKI/SDSI PKI that has features like group certificates, delegation, threshold certificates, etc. In this paper, we show how SACL can be effectively realized in a Security Automata framework. We establish the equivalence of the transformation with the SPKI/SDSI semantics as well as the set-theoretic semantics. The transformation gives an efficient way to enforce the policy being defined and allows inference of authorizations obtained from multiple certificates. Further, we describe algorithms for efficiently solving certificate-analysis problems, resource authentication problems, etc. The transformation allows us to capture the authorization of tags while being delegated in an unambiguous way, and to define the set of tags permissible under threshold certification. The framework succinctly captures the expressive power of SACL and enables heterogeneous integration of SACL with state-based security mechanisms that are widely used for protection/security of classical OS, databases, etc. One of the distinct advantages of the framework is its amenability to finite state model-checking algorithms for verifying access control. We shall show how very useful properties can be verified using our transformation.

Copyright information

© 2006 Springer-Verlag Berlin Heidelberg

About this paper

Cite this paper

Narendra Kumar, N.V., Shyamasundar, R.K. (2006). Specification and Realization of Access Control in SPKI/SDSI. In: Bagchi, A., Atluri, V. (eds) Information Systems Security. ICISS 2006. Lecture Notes in Computer Science, vol 4332. Springer, Berlin, Heidelberg. https://doi.org/10.1007/11961635_12

  • DOI: https://doi.org/10.1007/11961635_12

  • Publisher Name: Springer, Berlin, Heidelberg

  • Print ISBN: 978-3-540-68962-1

  • Online ISBN: 978-3-540-68963-8

  • eBook Packages: Computer Science, Computer Science (R0)
