Arul Ganesh
K Gopinath
ABSTRACT
The SPKI/SDSI is a security infrastructure whose principal goal is to facilitate the building of secure, scalable, distributed computing systems. Given a set of SPKI/SDSI certificates, the decision on granting access to a resource by a user is taken by using a certificate chain discovery process. SPKI/SDSI infrastructure allows validity specification. The validity specification is a time period during which a certificate is valid. This validity specification, as defined in the specification RFC-2693, allows for limited constraints on the certificate. But the specification also allows for more powerful constraints specification. In this paper we demonstrate how weak Monadic Second Order (WS1S) logic can be used for specification of general validity constraint, with specific example provided for time constraints which is represented as interval on an abstract domain, and manipulated as WS1S formula. We also show this logic can be combined with Weighted Pushdown System (WPDS) to formally answer most of authorization questions based on the given validity period.
- J. R. Büchi. Weak second order arithmetic and finite automata. Z. Math. Logik Grundlag. Math., 6:66--92, 1960.Google Scholar
Cross Ref
- D. E. Clarke. Spki/sdsi http server/certificate chain discovery in spki/sdsi, September 2001. Supervisor-Frank Thomson Leighton.Google Scholar
- J. Elgaard, N. Klarlund, and A. Møller. MONA 1.x: new techniques for WS1S and WS2S.Google Scholar
- C. M. Ellison, B. Frantz, B. Lampson, R. Rivest, B. Thomas, and T. Ylonen. Spki certificate theory (rfc 2693), September 1999. Google ScholarDigital Library
- J. Esparza, D. Hansel, P. Rossmanith, and S. Schwoon. Efficient algorithms for model checking pushdown systems. In CAV '00: Proceedings of the 12th International Conference on Computer Aided Verification, pages 232--247, London, UK, 2000. Springer-Verlag. Google ScholarDigital Library
- J. Howell and D. Kotz. A formal semantics for spki. Technical report, Hanover, NH, USA, 2000. Google ScholarDigital Library
- N. Klarlund and A. Møller. MONA Version 1.4 User Manual. BRICS, Department of Computer Science, University of Aarhus, January 2001.Google Scholar
- N. Klarlund, A. Møller, and M. I. Schwartzbach. MONA implementation secrets. International Journal of Foundations of Computer Science, 13(4):571--586, 2002.Google ScholarDigital Library
- T. Reps, S. Schwoon, S. Jha, and D. Melski. Weighted pushdown systems and their application to interprocedural dataflow analysis. Sci. Comput. Program., 58(1--2):206--263, 2005. Google ScholarDigital Library
- S. Schwoon. Moped: A model-checker for pushdown systems. Technical report, Computer Sciences Department, University of Wisconsin, 2002.Google Scholar
- S. Schwoon. Wpds: A library for weighted pushdown systems. Technical report, Computer Sciences Department, University of Wisconsin, 2003.Google Scholar
- S. Schwoon, S. Jha, T. Reps, and S. Stubblebine. On generalized authorization problems. Computer Security Foundations Workshop, 00:202, 2003.Google ScholarCross Ref
- S. Schwoon, H. Wang, S. Jha, and T. Reps. Distributed certificate-chain discovery in SPKI/SDSI. Technical Report TR-1526, Computer Sciences Department, University of Wisconsin, August 2005.Google Scholar
Index Terms
- SPKI/SDSI certificate chain discovery with generic constraints
Recommendations
Certificate chain discovery in SPKI?SDSI
SPKI/SDSI is a novel public-key infrastructure emphasizing naming, groups, ease-of-use, and flexible authorization. To access a protected resource, a client must present to the server a proof that the client is authorized; this proof takes the form of a ...
Model checking SPKI/SDSI
Special issue on CSFW15SPKI/SDSI is a framework for expressing naming and authorization issues that arise in a distributed-computing environment. In this paper, we establish a connection between SPKI/SDSI and a formalism known as pushdown systems (PDSs). We show that the SPKI/...
Analysis of SPKI/SDSI Certificates Using Model Checking
CSFW '02: Proceedings of the 15th IEEE workshop on Computer Security FoundationsSPKI/SDSI is a fram work for expressing naming and eauthorization issues that aris in a distributed-computing environment. In this paper, we establish a connection between SPKI/SDSI and a formalism known as pushdown systems (PDSs). We show that the SPKI/...
Comments