论文信息 - Computing Minimum-Height Certificate Trees in SPKI/SDSI

Computing Minimum-Height Certificate Trees in SPKI/SDSI

SPKI/SDSI is a framework that combines a simple public-key infrastructure and a simple distributed security infrastructure with a means of defining local name spaces. It allows principals, which can be a person or an organization, to locally create groups of principals and delegate rights to other principals or groups of principals by issuing certificates. To prove authorizations, principals need to search for necessary certificates that are, in general, in the form of certificate trees. This paper defines a framework based on SPKI/SDSI which allows principals to give weights to certificates. Weights can be used to address many authorization issues such as access control of limited resources. The paper shows a connection between SPKI/SDSI and the theory of pushdown systems, and presents an algorithm that solves the authorization problem by computing minimum-height certificate trees.

Dejvuth Suwimonteerabuth

[1] Stefan Schwoon,et al. Model checking pushdown systems , 2002 .

[2] Somesh Jha,et al. On generalized authorization problems , 2003, 16th IEEE Computer Security Foundations Workshop, 2003. Proceedings..

[3] Ronald L. Rivest,et al. Certificate Chain Discovery in SPKI/SDSI , 2002, J. Comput. Secur..

[4] Dejvuth Suwimonteerabuth. Reachability in pushdown systems: algorithms and applications , 2009 .

[5] Javier Esparza,et al. Reachability Analysis of Pushdown Automata: Application to Model-Checking , 1997, CONCUR.

[6] Javier Esparza,et al. Efficient Algorithms for Alternating Pushdown Systems with an Application to the Computation of Certificate Chains , 2006, ATVA.

[7] Javier Esparza,et al. Efficient Algorithms for Model Checking Pushdown Systems , 2000, CAV.