A First-order Logic Semantics for SPKI/SDSI

SPKI/SDSI is a distributed access control mechanism in which the policy statements governing resource access are issued by multiple principals. A set of SPKI/SDSI policy statements forms a state of the system. Many important properties of such states need to be known and analyzed. Unlike other trust management languages, SPKI/SDSI's certificate structure is rather complex. In this paper, a first-order logic semantics for SPKI/SDSI is presented, and its soundness is proved. Using this semantics, we can check whether a given SPKI/SDSI state satisfies a given policy question.
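As an added illustration, not the paper's own semantics or code, the following Python encodes a small set of SDSI name certificates as Horn clauses in the style of a Datalog translation and answers a name-membership policy question by forward chaining to a fixpoint; the keys, local names and certificates are constructed sample values.

```python
# Constructed sample SPKI/SDSI state: a list of name certificates.
# Each cert is (issuer_key, local_name, subject), where subject is either a
# key "K_x" or a tuple ("K_y", "n1", "n2", ...) denoting the linked name K_y n1 n2 ...
NAME_CERTS = [
    ("K_alice", "friends", "K_bob"),
    ("K_alice", "friends", ("K_bob", "friends")),        # K_alice friends -> K_bob friends
    ("K_bob", "friends", "K_carol"),
    ("K_carol", "team", "K_dave"),
    ("K_alice", "staff", ("K_bob", "friends", "team")),  # K_alice staff -> K_bob friends team
]

def resolve_names(certs):
    """Compute the relation m(K, A, X): the keys X that the local name K A denotes.
    Horn-clause reading of each certificate (assumed encoding, not the paper's):
      K A -> K'            gives the fact   m(K, A, K').
      K A -> K1 A1 ... An  gives the rule   m(K, A, x) :- m(K1, A1, y1), m(y1, A2, y2), ..., m(y_{n-1}, An, x).
    Evaluated by naive forward chaining; the rules are monotone, so the loop reaches a fixpoint."""
    facts = set()
    changed = True
    while changed:
        changed = False
        for issuer, name, subject in certs:
            if isinstance(subject, str):
                derived = {subject}                      # direct key binding
            else:
                heads = {subject[0]}                     # walk the linked name left to right
                for local in subject[1:]:
                    heads = {x for (k, a, x) in facts if a == local and k in heads}
                derived = heads
            for key in derived:
                if (issuer, name, key) not in facts:
                    facts.add((issuer, name, key))
                    changed = True
    return facts

def name_contains(certs, key, name, principal):
    """Policy question: does the state prove that the name `key name` denotes `principal`?"""
    return (key, name, principal) in resolve_names(certs)

if __name__ == "__main__":
    for fact in sorted(resolve_names(NAME_CERTS)):
        print("m%s" % (fact,))
    print(name_contains(NAME_CERTS, "K_alice", "staff", "K_dave"))
```

The second certificate only yields a new member of `K_alice friends` after `K_bob friends` has been resolved, which is why the evaluation must iterate rather than make a single pass over the certificates.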
