Authorisation subterfuge by delegation in decentralised networks
Proceedings of the 13th international conference on Security protocols
Trust Management is an approach to constructing and interpreting the trust relationships among public keys that are used to mediate security-critical actions. Cryptographic credentials are used to specify delegation of authorisation among public keys. Existing trust management schemes are operational in nature, defining security in terms of specific controls such as delegation chains, threshold schemes, and so forth. However, they tend not to consider whether a particular authorisation policy is well designed in the sense that a principal cannot somehow bypass the intent of a complex series of authorisation delegations via some unexpected circuitous route. In this paper we consider the problem of authorisation subterfuge, whereby, in a poorly designed system, delegation chains that are used by principals to prove authorisation may not actually reflect the original intention of all of the participants in the chain. A logic is proposed that provides a systematic way of determining whether a particular delegation scheme using particular authorisation is sufficiently robust to be able to withstand attempts at subterfuge. This logic provides a new characterisation of certificate reduction that, we argue, is more appropriate to open systems.