A Proof-Carrying Authorization System

We describe an infrastructure for distributed authorization based on the ideas of proof-carrying authorization (PCA). PCA is more general and more flexible than traditional distributed authorization systems. We extend PCA with the notion of goals and sessions, and add a module system to the proof language. Our framework makes it possible to locate and use pieces of the security policy that have been distributed across arbitrary hosts. We provide a mechanism which allows pieces of the security policy to be hidden from unauthorized clients. As a prototype application we have developed modules that extend a standard web server and a standard web browser to use proofcarrying authorization to control access to web pages. The web browser generates proofs mechanically by iteratively fetching proof components until a proof can be constructed. We provide for iterative authorization, by which a server can require a browser to prove a series of challenges. Our prototype implementation includes a series of optimizations, such as speculative proving and modularizing and caching proofs, which allows proof-carrying authorization to be used with minimal performance and bandwidth overheads.