Understanding trust management systems

We present a mathematical framework for expressing trust management systems. The framework makes it easier to understand existing systems and to compare them to one another as well as to design new systems. The framework defines the semantics of a trust management engine via a least fixpoint in a lattice, which, in some situations, leads to an efficient implementation. To demonstrate its flexibility, we present KeyNote and SPKI as instantiations by the framework.

[1]  Patrick Cousot,et al.  Abstract interpretation: a unified lattice model for static analysis of programs by construction or approximation of fixpoints , 1977, POPL.

[2]  Martín Abadi,et al.  A Calculus for Access Control in Distributed Systems , 1991, CRYPTO.

[3]  AbadiMartín,et al.  Authentication in the Taos operating system , 1993 .

[4]  Martín Abadi,et al.  Authentication in the Taos operating system , 1994, TOCS.

[5]  Ronald L. Rivest,et al.  SDSI - A Simple Distributed Security Infrastructure , 1996 .

[6]  Joan Feigenbaum,et al.  Decentralized trust management , 1996, Proceedings 1996 IEEE Symposium on Security and Privacy.

[7]  Philip R. Zimmermann,et al.  The official PGP user's guide , 1996 .

[8]  Joan Feigenbaum,et al.  REFEREE: Trust Management for Web Applications , 1997, Comput. Networks.

[9]  Joan Feigenbaum,et al.  Compliance Checking in the PolicyMaker Trust Management System , 1998, Financial Cryptography.

[10]  R. Rivest,et al.  Simple Public Key Certificate , 1998 .

[11]  Jean-Emile Elien,et al.  Certificate discovery using SPKI/SDSI 2.0 certificates , 1998 .

[12]  Joan Feigenbaum,et al.  KeyNote: Trust Management for Public-Key Infrastructures (Position Paper) , 1998, Security Protocols Workshop.

[13]  Angelos D. Keromytis,et al.  Key note: Trust management for public-key infrastructures , 1999 .

[14]  Carl M. Ellison,et al.  SPKI Requirements , 1999, RFC.

[15]  Joan Feigenbaum,et al.  A logic-based knowledge representation for authorization with delegation , 1999, Proceedings of the 12th IEEE Computer Security Foundations Workshop.

[16]  Joan Feigenbaum,et al.  The Role of Trust Management in Distributed Systems Security , 2001, Secure Internet Programming.

[17]  Andrew W. Appel,et al.  Proof-carrying authentication , 1999, CCS '99.

[18]  Joan Feigenbaum,et al.  The KeyNote Trust-Management System Version 2 , 1999, RFC.

[19]  Dirk Balfanz,et al.  A security infrastructure for distributed Java applications , 2000, Proceeding 2000 IEEE Symposium on Security and Privacy. S&P 2000.

[20]  Ninghui Li,et al.  Local names in SPKI/SDSI , 2000, Proceedings 13th IEEE Computer Security Foundations Workshop. CSFW-13.

[21]  Jon Howell,et al.  A Formal Semantics for SPKI , 2000, ESORICS.

[22]  Amir Herzberg,et al.  Access control meets public key infrastructure, or: assigning roles to strangers , 2000, Proceeding 2000 IEEE Symposium on Security and Privacy. S&P 2000.

[23]  Ronald L. Rivest,et al.  Certificate Chain Discovery in SPKI/SDSI , 2002, J. Comput. Secur..

[24]  John S. Baras,et al.  On Trust Establishment in Mobile Ad-Hoc Networks , 2002, Security Protocols Workshop.