ACM Portal
  Subscribe (Full Service)    Register (Limited Service, Free)    Login
  Search:   The ACM Digital Library   The Guide
  
ACM Home Page
Please provide us with feedback. Feedback
Certificate chain discovery in SPKI?SDSI
Source Journal of Computer Security archive
Volume 9 ,  Issue 4  (January 2001) table of contents
Pages: 285 - 322  
Year of Publication: 2002
ISSN:0926-227X
Authors
Dwaine Clarke
Jean-Emile Elien
Carl Ellison
Matt Fredette
Alexander Morcos
Ronald L. Rivest
Publisher
IOS Press  Amsterdam, The Netherlands, The Netherlands
Bibliometrics
Downloads (6 Weeks): n/a,   Downloads (12 Months): n/a,   Citation Count: 35
Additional Information:

abstract   cited by   index terms   collaborative colleagues  

Tools and Actions: Review this Article  

ABSTRACT

SPKI/SDSI is a novel public-key infrastructure emphasizing naming, groups, ease-of-use, and flexible authorization. To access a protected resource, a client must present to the server a proof that the client is authorized; this proof takes the form of a certificate chain proving that the client's public key is in one of the groups on the resource's ACL, or that the client's public key has been delegated authority (in one or more stages) from a key in one of the groups on the resource's ACL.

While finding such a chain can be nontrivial, due to the flexible naming and delegation capabilities of SPKI/SDSI certificates, we present a practical and efficient algorithm for this problem of certificate chain discovery. We also present a tight worst-case bound on its running time, which is polynomial in the length of its input.

We also present an extension of our algorithm that is capable of handling threshold subjects, where several principals are required to co-sign a request to access a protected resource.


CITED BY  35
Ninghui Li , William H. Winsborough , John C. Mitchell, Distributed credential chain discovery in trust management: extended abstract, Proceedings of the 8th ACM conference on Computer and Communications Security, November 05-08, 2001, Philadelphia, PA, USA
Ninghui Li , Benjamin N. Grosof , Joan Feigenbaum, Delegation logic: A logic-based approach to distributed authorization, ACM Transactions on Information and System Security (TISSEC), v.6 n.1, p.128-171, February 2003
Joseph Y. Halpern , Ron van der Meyden, A logical reconstruction of SPKI, Journal of Computer Security, v.11 n.4, p.581-613, 01/01/2004
Ninghui Li , William H. Winsborough , John C. Mitchell, Distributed credential chain discovery in trust management, Journal of Computer Security, v.11 n.1, p.35-86, February 2003
Roberto Tamassia , Danfeng Yao , William H. Winsborough, Role-based cascaded delegation, Proceedings of the ninth ACM symposium on Access control models and technologies, June 02-04, 2004, Yorktown Heights, New York, USA
Sanjay Raman , Dwaine Clarke , Matt Burnside , Srinivas Devadas , Ronald Rivest, Access-controlled resource discovery for pervasive networks, Proceedings of the 2003 ACM symposium on Applied computing, March 09-12, 2003, Melbourne, Florida
George Theodorakopoulos , John S. Baras, Trust evaluation in ad-hoc networks, Proceedings of the 2004 ACM workshop on Wireless security, October 01-01, 2004, Philadelphia, PA, USA
Joachim Biskup , Sandra Wortmann, Towards a credential-based implementation of compound access control policies, Proceedings of the ninth ACM symposium on Access control models and technologies, June 02-04, 2004, Yorktown Heights, New York, USA
Ninghui Li , John C. Mitchell , William H. Winsborough, Beyond proof-of-compliance: security analysis in trust management, Journal of the ACM (JACM), v.52 n.3, p.474-514, May 2005
Victoria Ungureanu, Efficient support for enterprise delegation policies, Proceedings of the 2005 ACM symposium on Applied computing, March 13-17, 2005, Santa Fe, New Mexico
Jiangtao Li , Ninghui Li, Policy-hiding access control in open environment, Proceedings of the twenty-fourth annual ACM symposium on Principles of distributed computing, July 17-20, 2005, Las Vegas, NV, USA
Urs Hengartner , Peter Steenkiste, Access control to people location information, ACM Transactions on Information and System Security (TISSEC), v.8 n.4, p.424-456, November 2005
Sandro Etalle , William H. Winsborough, Integrity constraints in trust management, Proceedings of the tenth ACM symposium on Access control models and technologies, June 01-03, 2005, Stockholm, Sweden
William H. Winsborough , Ninghui Li, Protecting sensitive attributes in automated trust negotiation, Proceedings of the 2002 ACM workshop on Privacy in the Electronic Society, p.41-51, November 21-21, 2002, Washington, DC
M. Burnside , D. Clarke , T. Mills , A. Maywah , S. Devadas , R. Rivest, Proxy-based security protocols in networked mobile devices, Proceedings of the 2002 ACM symposium on Applied computing, March 11-14, 2002, Madrid, Spain
S. Jha , T. Reps, Model checking SPKI/SDSI, Journal of Computer Security, v.12 n.3,4, p.317-353, May 2004
Jeff Polakow , Christian Skalka, Specifying distributed trust management in LolliMon, Proceedings of the 2006 workshop on Programming languages and analysis for security, June 10-10, 2006, Ottawa, Ontario, Canada
José de R. P. Braga, Jr , Alexandre C. T. Vidal , Fabio Kon , Marcelo Finger, Trust in large-scale computational grids: an SPKI/SDSI extension for representing opinion, Proceedings of the 4th international workshop on Middleware for grid computing, November 27-December 01, 2006, Melbourne, Australia
Daniele Gorla , Matthew Hennessy , Vladimiro Sassone, Inferring dynamic credentials for rôle-based trust management, Proceedings of the 8th ACM SIGPLAN symposium on Principles and practice of declarative programming, July 10-12, 2006, Venice, Italy
Sudhir Agarwal , Anupriya Ankolekar, Automatic matchmaking of web services, Proceedings of the 15th international conference on World Wide Web, May 23-26, 2006, Edinburgh, Scotland
Xiaoling Dai , John Grundy, NetPay: An off-line, decentralized micro-payment system for thin-client applications, Electronic Commerce Research and Applications, v.6 n.1, p.91-101, January, 2007
Vishwas Patil , Alessandro Mei , Luigi V. Mancini, Addressing interoperability issues in access control models, Proceedings of the 2nd ACM symposium on Information, computer and communications security, March 20-22, 2007, Singapore
Sandro Etalle , William H. Winsborough, A posteriori compliance control, Proceedings of the 12th ACM symposium on Access control models and technologies, June 20-22, 2007, Sophia Antipolis, France
Katia Hristova , K. Tuncay Tekle , Yanhong A. Liu, Efficient trust management policy analysis from rules, Proceedings of the 9th ACM SIGPLAN international symposium on Principles and practice of declarative programming, July 14-16, 2007, Wroclaw, Poland
Arun K. Eamani , A. Prasad Sistla, Language based policy analysis in a SPKI Trust Management System, Journal of Computer Security, v.14 n.4, p.327-357, July 2006
Vishwas Patil , R. K. Shyamasundar, e-coupons: An Efficient, Secure and Delegable Micro-Payment System, Information Systems Frontiers, v.7 n.4-5, p.371-389, December 2005
A. Prasad Sistla , Min Zhou, Analysis of dynamic policies, Information and Computation, v.206 n.2-4, p.185-212, February, 2008
Pedro Felix , Carlos Ribeiro, A scalable and flexible web services authentication model, Proceedings of the 2007 ACM workshop on Secure web services, November 02-02, 2007, Fairfax, Virginia, USA
Luis F. G. Sarmenta , Marten van Dijk , Jonathan Rhodes , Srinivas Devadas, Offline count-limited certificates, Proceedings of the 2008 ACM symposium on Applied computing, March 16-20, 2008, Fortaleza, Ceara, Brazil
Eunjin (EJ) Jung , Ehab S. Elmallah , Mohamed G. Gouda, Optimal Dispersal of Certificate Chains, IEEE Transactions on Parallel and Distributed Systems, v.18 n.4, p.474-484, April 2007
Steve Barker , Marek J. Sergot , Duminda Wijesekera, Status-Based Access Control, ACM Transactions on Information and System Security (TISSEC), v.12 n.1, p.1-47, October 2008
Peter C. Chapin , Christian Skalka , X. Sean Wang, Authorization in trust management: Features and foundations, ACM Computing Surveys (CSUR), v.40 n.3, p.1-48, August 2008
Danfeng Yao , Roberto Tamassia, Compact and Anonymous Role-Based Authorization Chain, ACM Transactions on Information and System Security (TISSEC), v.12 n.3, p.1-27, January 2009
Steve Barker, The next 700 access control models or a unifying meta-model?, Proceedings of the 14th ACM symposium on Access control models and technologies, June 03-05, 2009, Stresa, Italy
Yanhong A. Liu , Scott D. Stoller, From datalog rules to efficient programs with time and space guarantees, ACM Transactions on Programming Languages and Systems (TOPLAS), v.31 n.6, p.1-38, August 2009

INDEX TERMS

Primary Classification:
  E. Data
  E.3 DATA ENCRYPTION
      Subjects: Public key cryptosystems


General Terms:
Algorithms, Security, Theory, Verification


Keywords:
PKI, SDSI, SPKI, authorization, certificate chain, certificate chain discovery, delegation, local names, naming, public-key infrastructure, threshold subjects

Collaborative Colleagues:
Dwaine Clarke: colleagues
Jean-Emile Elien: colleagues
Carl Ellison: colleagues
Matt Fredette: colleagues
Alexander Morcos: colleagues
Ronald L. Rivest: colleagues

The ACM Portal is published by the Association for Computing Machinery. Copyright © 2009 ACM, Inc.
Terms of Usage   Privacy Policy   Code of Ethics   Contact Us

Useful downloads: Adobe Acrobat    QuickTime    Windows Media Player    Real Player