The authorization problem is to decide whether, according to a security policy, some principal should be allowed access to a resource. In the trust-management system SPKI/SDSI, the security policy is given by a set of certificates, and proofs of authorization take the form of certificate chains. The certificate-chain-discovery problem is to discover a proof of authorization for a given request. Certificate-chain-discovery algorithms for SPKI/SDSI have been investigated by several researchers. We consider a variant of the certificate-chain-discovery problem where the certificates are distributed over a number of servers, which then have to cooperate to identify the proof of authorization for a given request. We propose two protocols for this purpose. These protocols are based on distributed model-checking algorithms for weighted pushdown systems (WPDSs). These protocols can also handle cases where certificates are labeled with weights and where multiple certificate chains must be combined to form a proof of authorization. We have implemented these protocols in a prototype and report preliminary results of our evaluation.