Certificate Chain Discovery in SPKI/SDSI
نویسندگان
چکیده
Dwaine Clarke a, Jean-Emile Elien b, Carl Ellison c, Matt Fredette d, Alexander Morcos e and Ronald L. Rivest f,∗ a Room 226, MIT Lab for Computer Science, 200 Technology Square, Cambridge, MA 02139, USA E-mail: [email protected] b Microsoft, One Microsoft Way, Redmond, WA 98052, USA E-mail: [email protected] c Intel Corporation, 2111 NE 25th Ave, Hillsboro, OR 97124, USA E-mail: [email protected] d aQuery, 100 Fellsway West, Somerville, MA 02145, USA E-mail: [email protected] e Tower Research Capital, 377 Broadway 11th Floor, New York, NY 10013, USA E-mail: [email protected] f Room 324, MIT Lab for Computer Science, 200 Technology Square, Cambridge, MA 02139, USA E-mail: [email protected]
منابع مشابه
Distributed Certificate-Chain Discovery in SPKI/SDSI
The authorization problem is to decide whether, according to a security policy, some principal should be allowed access to a resource. In the trust-management system SPKI/SDSI, the security policy is given by a set of certificates, and proofs of authorization take the form of certificate chains. The certificate-chain-discovery problem is to discover a proof of authorization for a given request....
متن کاملLocal Names in SPKI/SDSI
We analyze the notion of “local names” in SPKI/SDSI. By interpreting local names as distributed groups, we develop a simple logic program for SPKI/SDSI’s linked localname scheme and prove that it is equivalent to the nameresolution procedure in SDSI 1.1 and the 4-tuple-reduction mechanism in SPKI/SDSI 2.0. This logic program is itself a logic for understanding SDSI’s linked local-name scheme an...
متن کاملWeighted Pushdown Systems and Trust-Management Systems
The authorization problem is to decide whether, according to a security policy, some principal should be allowed access to a resource. In the trustmanagement system SPKI/SDSI, the security policy is given by a set of certificates, and proofs of authorization take the form of certificate chains. The certificate-chain-discovery problem is to discover a proof of authorization for a given request. ...
متن کاملDistributed Policy Specification and Interpretation with Classified Advertisements
In a distributed system, the principle of separation of policy and mechanism provides the flexibility to revise policies without altering mechanisms and vice versa. This separation can be achieved by devising a language for specifying policy and an engine for interpreting policy. In the Condor [14] high throughput distributed system the ClassAd language [16] is used to specify resource selectio...
متن کاملAnalysis of SPKI/SDSI Certificates Using Model Checking
SPKI/SDSI is a framework for expressing naming and authorization issues that arise in a distributed-computing environment. In this paper, we establish a connection between SPKI/SDSI and a formalism known as pushdown systems (PDSs). We show that the SPKI/SDSI-to-PDS connection provides a framework for formalizing a variety of certificate-analysis problems. Moreover, the connection has computatio...
متن کاملModel checking SPKI/SDSI
SPKI/SDSI is a framework for expressing naming and authorization issues that arise in a distributedcomputing environment. In this paper, we establish a connection between SPKI/SDSI and a formalism known as pushdown systems (PDSs). We show that the SPKI/SDSI-to-PDS connection provides a framework for formalizing a variety of certificate-analysis problems. Moreover, the connection has computation...
متن کاملذخیره در منابع من
با ذخیره ی این منبع در منابع من، دسترسی به آن را برای استفاده های بعدی آسان تر کنید
برای دانلود متن کامل این مقاله و بیش از 32 میلیون مقاله دیگر ابتدا ثبت نام کنید
ثبت ناماگر عضو سایت هستید لطفا وارد حساب کاربری خود شوید
ورودعنوان ژورنال:
- Journal of Computer Security
دوره 9 شماره
صفحات -
تاریخ انتشار 2001