A Logic for SDSI's Linked Local Name Spaces

Abadi has introduced a logic to explicate the meaning of local names in SDSI, the Simple Distributed Security Infrastructure proposed by Rivest and Lampson. Abadi's logic does not correspond precisely to SDSI, however; it draws conclusions about local names that do not follow from SDSI's name resolution algorithm. Moreover, its semantics is somewhat unintuitive. This paper presents the Logic of Local Name Containment, which does not suffer from these deficiencies. It has a clear semantics and provides a tight characterization of SDSI name resolution. The semantics is shown to be closely related to that of logic programs, leading to an approach to the efficient implementation of queries concerning local names. A complete axiomatization of the logic is also provided.

[1]  B. Lampson,et al.  Authentication in distributed systems: theory and practice , 1991, TOCS.

[2]  Joseph Y. Halpern,et al.  Knowledge and common knowledge in a distributed environment , 1984, JACM.

[3]  Martín Abadi,et al.  On SDSI's linked local name spaces , 1997, Proceedings 10th Computer Security Foundations Workshop.

[4]  Jeffrey D. Ullman,et al.  Principles Of Database And Knowledge-Base Systems , 1979 .

[5]  Robert A. Kowalski,et al.  The Semantics of Predicate Logic as a Programming Language , 1976, JACM.

[6]  Martín Abadi,et al.  A calculus for access control in distributed systems , 1991, TOPL.

[7]  Jeffrey D. Ullman,et al.  Principles of Database and Knowledge-Base Systems, Volume II , 1988, Principles of computer science series.

[8]  John Wylie Lloyd,et al.  Foundations of Logic Programming , 1987, Symbolic Computation.

[9]  Joseph Y. Halpern,et al.  Naming and Identity in Epistemic Logics Part I: The Propositional Case , 1993, J. Log. Comput..

[10]  Ninghui Li,et al.  Local names in SPKI/SDSI , 2000, Proceedings 13th IEEE Computer Security Foundations Workshop. CSFW-13.

[11]  Liz Sonenberg,et al.  Fixed Point Theorems and Semantics: A Folk Tale , 1982, Inf. Process. Lett..

[12]  Ronald L. Rivest,et al.  SDSI - A Simple Distributed Security Infrastructure , 1996 .

[13]  Ronald Fagin,et al.  Reasoning about knowledge , 1995 .

[14]  Joan Feigenbaum,et al.  Decentralized trust management , 1996, Proceedings 1996 IEEE Symposium on Security and Privacy.

[15]  Joseph Y. Halpern,et al.  A logic for SDSI's linked local name spaces: preliminary version , 1999, Proceedings of the 12th IEEE Computer Security Foundations Workshop.