Computing Minimum-Height Certificate Trees in SPKI/SDSI
نویسنده
چکیده
SPKI/SDSI is a framework that combines a simple public-key infrastructure and a simple distributed security infrastructure with a means of defining local name spaces. It allows principals, which can be a person or an organization, to locally create groups of principals and delegate rights to other principals or groups of principals by issuing certificates. To prove authorizations, principals need to search for necessary certificates that are, in general, in the form of certificate trees. This paper defines a framework based on SPKI/SDSI which allows principals to give weights to certificates. Weights can be used to address many authorization issues such as access control of limited resources. The paper shows a connection between SPKI/SDSI and the theory of pushdown systems, and presents an algorithm that solves the authorization problem by computing minimum-height certificate trees.
منابع مشابه
Analysis of SPKI/SDSI Certificates Using Model Checking
SPKI/SDSI is a framework for expressing naming and authorization issues that arise in a distributed-computing environment. In this paper, we establish a connection between SPKI/SDSI and a formalism known as pushdown systems (PDSs). We show that the SPKI/SDSI-to-PDS connection provides a framework for formalizing a variety of certificate-analysis problems. Moreover, the connection has computatio...
متن کاملLocal Names in SPKI/SDSI
We analyze the notion of “local names” in SPKI/SDSI. By interpreting local names as distributed groups, we develop a simple logic program for SPKI/SDSI’s linked localname scheme and prove that it is equivalent to the nameresolution procedure in SDSI 1.1 and the 4-tuple-reduction mechanism in SPKI/SDSI 2.0. This logic program is itself a logic for understanding SDSI’s linked local-name scheme an...
متن کاملModel checking SPKI/SDSI
SPKI/SDSI is a framework for expressing naming and authorization issues that arise in a distributedcomputing environment. In this paper, we establish a connection between SPKI/SDSI and a formalism known as pushdown systems (PDSs). We show that the SPKI/SDSI-to-PDS connection provides a framework for formalizing a variety of certificate-analysis problems. Moreover, the connection has computation...
متن کاملDistributed Policy Specification and Interpretation with Classified Advertisements
In a distributed system, the principle of separation of policy and mechanism provides the flexibility to revise policies without altering mechanisms and vice versa. This separation can be achieved by devising a language for specifying policy and an engine for interpreting policy. In the Condor [14] high throughput distributed system the ClassAd language [16] is used to specify resource selectio...
متن کاملSecurity Mechanisms for Mobile Agent Platforms Based on SPKI/SDSI Chains of Trust
This work defines a security scheme, based on SPKI/SDSI chains of trust, for protecting mobile agent platforms in large-scale distributed systems. The scheme is composed by a protocol of mutual authentication, a mobile agent authenticator and a mechanism for the generation of protection domain. Due to the flexibility of the SPKI/SDSI certificate delegation infrastructures used, the proposed sch...
متن کاملذخیره در منابع من
با ذخیره ی این منبع در منابع من، دسترسی به آن را برای استفاده های بعدی آسان تر کنید
عنوان ژورنال:
دوره شماره
صفحات -
تاریخ انتشار 2010