On generalized authorization problems

Schwoon, Stefan; Jha, Somesh; Reps, Thomas; Stubblebine, Stuart G.

doi:10.1109/csfw.2003.1212714

Cited by 22 publications

(45 citation statements)

References 49 publications

Supporting

Mentioning

Contrasting

Order By: Relevance

“…Schwoon et al [24] introduced a new algorithm for certificate-chain discovery that translates SPKI/SDSI certificates to rules in a weighted pushdown system (WPDS) [22]. The algorithm presented by Schwoon et al [24] can discover proofs of authorization that consist of multiple certificate chains.…”

Section: Introductionmentioning

confidence: 99%

“…Moreover, the algorithm presented in [24] addresses such issues as trust, privacy, and recency in the context of authorization in SPKI/SDSI. As in [24], in this paper we translate SPKI/SDSI certificates into rules in a WPDS, where the authorization specifications of the certificates are translated to weights on rules. This translation to a WPDS yields a complete certificate-chain-discovery algorithm and is described in Section 5.…”

Section: Introductionmentioning

confidence: 99%

Section: Introductionmentioning

confidence: 99%

“…The algorithm presented by Schwoon et al [24] can discover proofs of authorization that consist of multiple certificate chains. Moreover, the algorithm presented in [24] addresses such issues as trust, privacy, and recency in the context of authorization in SPKI/SDSI. As in [24], in this paper we translate SPKI/SDSI certificates into rules in a WPDS, where the authorization specifications of the certificates are translated to weights on rules.…”

Section: Introductionmentioning

confidence: 99%

“…The algorithms of [8,14,24] assume that the set of all certificates relevant to a given request are known to a single site, which can then compute the answer to the authorization problem for a given principal and a given resource. In practice, however, there may be no such central authority.…”

Section: Introductionmentioning

confidence: 99%

See 4 more Smart Citations

Weighted Pushdown Systems and Trust-Management Systems

Jha¹,

Schwoon

Wang³

et al. 2006

Tools and Algorithms for the Construction and Analysis of Systems

View full text Add to dashboard Cite

Abstract. The authorization problem is to decide whether, according to a security policy, some principal should be allowed access to a resource. In the trustmanagement system SPKI/SDSI, the security policy is given by a set of certificates, and proofs of authorization take the form of certificate chains. The certificate-chain-discovery problem is to discover a proof of authorization for a given request. Certificate-chain-discovery algorithms for SPKI/SDSI have been investigated by several researchers. We consider a variant of the certificate-chain discovery problem where the certificates are distributed over a number of servers, which then have to cooperate to identify the proof of authorization for a given request. We propose two protocols for this purpose. These protocols are based on distributed model-checking algorithms for weighted pushdown systems (WPDSs). These protocols can also handle cases where certificates are labeled with weights and where multiple certificate chains must be combined to form a proof of authorization. We have implemented these protocols in a prototype and report preliminary results of our evaluation.

show abstract

Section: Introductionmentioning

confidence: 99%

Section: Introductionmentioning

confidence: 99%

Section: Introductionmentioning

confidence: 99%

Section: Introductionmentioning

confidence: 99%

Section: Introductionmentioning

confidence: 99%

See 3 more Smart Citations

Weighted Pushdown Systems and Trust-Management Systems

Jha¹,

Schwoon

Wang³

et al. 2006

Tools and Algorithms for the Construction and Analysis of Systems

View full text Add to dashboard Cite

show abstract

Extended Weighted Pushdown Systems

Lal

Reps

Balakrishnan

2005

Computer Aided Verification

View full text Add to dashboard Cite

Abstract. Recent work on weighted-pushdown systems shows how to generalize interprocedural-dataflow analysis to answer "stack-qualified queries", which answer the question "what dataflow values hold at a program node for a particular set of calling contexts?" The generalization, however, does not account for precise handling of local variables. Extended-weighted-pushdown systems address this issue, and provide answers to stack-qualified queries in the presence of local variables as well.

show abstract