Weighted pushdown systems and trust-management systems

Authors:
Somesh Jha;Stefan Schwoon;Hao Wang;Thomas Reps
Affiliations:
Computer Science Department, University of Wisconsin, Madison, WI;Institut für Formale Methoden der Informatik, Universität Stuttgart, Stuttgart, Germany;Computer Science Department, University of Wisconsin, Madison, WI;Computer Science Department, University of Wisconsin, Madison, WI
Venue:
TACAS'06 Proceedings of the 12th international conference on Tools and Algorithms for the Construction and Analysis of Systems
Year:
2006

Citing 20
Cited 7

Authentication in distributed systems: theory and practice

ACM Transactions on Computer Systems (TOCS)
Proof-carrying authentication

CCS '99 Proceedings of the 6th ACM conference on Computer and communications security
On SDSI's linked local name spaces

Journal of Computer Security
Dynamically distributed query evaluation

PODS '01 Proceedings of the twentieth ACM SIGMOD-SIGACT-SIGART symposium on Principles of database systems
The role of trust management in distributed systems security

Secure Internet programming
Certificate chain discovery in SPKI?SDSI

Journal of Computer Security
A generic approach to the static analysis of concurrent programs with procedures

POPL '03 Proceedings of the 30th ACM SIGPLAN-SIGACT symposium on Principles of programming languages
Reachability Analysis of Pushdown Automata: Application to Model-Checking

CONCUR '97 Proceedings of the 8th International Conference on Concurrency Theory
Efficient Algorithms for Model Checking Pushdown Systems

CAV '00 Proceedings of the 12th International Conference on Computer Aided Verification
System Description: Twelf - A Meta-Logical Framework for Deductive Systems

CADE-16 Proceedings of the 16th International Conference on Automated Deduction: Automated Deduction
Distributed credential chain discovery in trust management

Journal of Computer Security
Analysis of SPKI/SDSI Certificates Using Model Checking

CSFW '02 Proceedings of the 15th IEEE workshop on Computer Security Foundations
A Formal Semantics for SPKI

A Formal Semantics for SPKI
A Logical Reconstruction of SPKI

CSFW '01 Proceedings of the 14th IEEE workshop on Computer Security Foundations
Understanding Trust Management Systems

SP '01 Proceedings of the 2001 IEEE Symposium on Security and Privacy
SD3: A Trust Management System with Certified Evaluation

SP '01 Proceedings of the 2001 IEEE Symposium on Security and Privacy
Distributed Proving in Access-Control Systems

SP '05 Proceedings of the 2005 IEEE Symposium on Security and Privacy
Weighted pushdown systems and their application to interprocedural dataflow analysis

Science of Computer Programming - Special issue: Static analysis symposium (SAS 2003)
Model checking SPKI/SDSI

Journal of Computer Security - Special issue on CSFW15
Weighted pushdown systems and their application to interprocedural dataflow analysis

SAS'03 Proceedings of the 10th international conference on Static analysis

Interprocedural Dataflow Analysis over Weight Domains with Infinite Descending Chains

FOSSACS '09 Proceedings of the 12th International Conference on Foundations of Software Science and Computational Structures: Held as Part of the Joint European Conferences on Theory and Practice of Software, ETAPS 2009
SDSIrep: a reputation system based on SDSI

TACAS'08/ETAPS'08 Proceedings of the Theory and practice of software, 14th international conference on Tools and algorithms for the construction and analysis of systems
An automata-theoretic approach to infinite-state systems

Time for verification
Automatic error finding in access-control policies

Proceedings of the 18th ACM conference on Computer and communications security
A case study in decentralized, dynamic, policy-based, authorization and trust management: automated software distribution for airplanes

STM'10 Proceedings of the 6th international conference on Security and trust management
Reducing the dependence of SPKI/SDSI on PKI

ESORICS'06 Proceedings of the 11th European conference on Research in Computer Security
Mohawk: Abstraction-Refinement and Bound-Estimation for Verifying Access Control Policies

ACM Transactions on Information and System Security (TISSEC)

Quantified Score

Hi-index	0.00

Visualization

Abstract

The authorization problem is to decide whether, according to a security policy, some principal should be allowed access to a resource. In the trust-management system SPKI/SDSI, the security policy is given by a set of certificates, and proofs of authorization take the form of certificate chains. The certificate-chain-discovery problem is to discover a proof of authorization for a given request. Certificate-chain-discovery algorithms for SPKI/SDSI have been investigated by several researchers. We consider a variant of the certificate-chain discovery problem where the certificates are distributed over a number of servers, which then have to cooperate to identify the proof of authorization for a given request. We propose two protocols for this purpose. These protocols are based on distributed model-checking algorithms for weighted pushdown systems (WPDSs). These protocols can also handle cases where certificates are labeled with weights and where multiple certificate chains must be combined to form a proof of authorization. We have implemented these protocols in a prototype and report preliminary results of our evaluation.