Proceedings of the 2022 ACM SIGSAC Conference on Computer and Communications Security 2022
DOI: 10.1145/3548606.3560594
|View full text |Cite
|
Sign up to set email alerts
|

Hammurabi

Abstract: This paper proposes using a logic programming language to disentangle X.509 certificate validation policy from mechanism. Expressing validation policies in a logic programming language provides multiple benefits. First, policy and mechanism can be more independently written, augmented, and analyzed compared to the current practice of interweaving them within a C or C++ implementation. Once written, these policies can be easily shared and modified for use in different TLS clients. Further, logic programming all… Show more

Help me understand this report

Search citation statements

Order By: Relevance

Paper Sections

Select...
1

Citation Types

0
1
0

Year Published

2023
2023
2024
2024

Publication Types

Select...
3
2
1

Relationship

1
5

Authors

Journals

citations
Cited by 6 publications
(1 citation statement)
references
References 77 publications
0
1
0
Order By: Relevance
“…GCCs may be easier to deploy given a radical redesign of certificate chain validation. For instance, in Hammurabi [38], the entire TLS certificate validation algorithm is expressed as a Prolog program. A Hammurabi-enabled platform could perform the complete chain validation procedure-user-agents would simply pass certificate and the chosen Hammurabi policy (e.g., authored by Mozilla or Google) to the platform's trust daemon, which would perform chain construction and return true or false.…”
Section: Complete Validation Redesignmentioning
confidence: 99%
“…GCCs may be easier to deploy given a radical redesign of certificate chain validation. For instance, in Hammurabi [38], the entire TLS certificate validation algorithm is expressed as a Prolog program. A Hammurabi-enabled platform could perform the complete chain validation procedure-user-agents would simply pass certificate and the chosen Hammurabi policy (e.g., authored by Mozilla or Google) to the platform's trust daemon, which would perform chain construction and return true or false.…”
Section: Complete Validation Redesignmentioning
confidence: 99%