Understanding SPKI/SDSI using first-order logic

SPKI/SDSI is a language for expressing distributed access control policy, derived from SPKI and SDSI. We provide a first-order logic (FOL) semantics for SDSI, and show that it has several advantages over previous semantics. For example, the FOL semantics is easily extended to additional policy concepts and gives meaning to a larger class of access control and other policy analysis queries. We prove that the FOL semantics is equivalent to the string rewriting semantics used by SDSI designers, for all queries associated with the rewriting semantics. We also provide a FOL semantics for SPKI/SDSI. This reveals some problems. For example, the standard proof procedure in RFC 2693 is semantically incomplete. In addition, as noted before by other authors, authorization tags in SPKI/SDSI are algorithmically problematic, making a complete proof procedure unlikely. We compare SPKI/SDSI with RT_1^C, which is a language in the RT role-based trust-management framework that can be viewed as an extension of SDSI. The constraint feature of RT_1^C, based on constraint datalog, provides an alternative mechanism that is expressively similar to SPKI/SDSI tags, semantically natural, and algorithmically tractable.
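The abstract states that the FOL semantics of SDSI name certificates agrees with the string rewriting semantics for every query the rewriting semantics can express. The following added example (not code from the paper or its authors) makes both semantics concrete on a handful of constructed certificates. It assumes the usual Datalog translation of a name certificate "K A -> K' B1 ... Bn" into the clause m(K, A, X) <- m(K', B1, Y1), ..., m(Y_{n-1}, Bn, X), computes its least fixpoint, and compares the resulting member sets against a rewriting search that treats each certificate as a prefix rewrite rule on name strings. The keys, names and certificate set are constructed for the demonstration.

```python
# Constructed SDSI name certificates: (issuer_key, local_name, subject),
# where subject is a tuple (key,) or (key, name1, ..., nameN).
# Keys and names are placeholders invented for this example.
CERTS = [
    ("K_A", "friends", ("K_B",)),                      # K_A friends -> K_B
    ("K_A", "friends", ("K_B", "friends")),            # K_A friends -> K_B friends
    ("K_B", "friends", ("K_C",)),                      # K_B friends -> K_C
    ("K_C", "admins",  ("K_D", "staff", "managers")),  # K_C admins  -> K_D staff managers
    ("K_D", "staff",   ("K_E",)),                      # K_D staff   -> K_E
    ("K_E", "managers", ("K_F",)),                     # K_E managers -> K_F
]


def fol_members(certs):
    """Least fixpoint of the Datalog (FOL) translation of the certificates.

    Each certificate K A -> K' B1 ... Bn becomes the clause
        m(K, A, X) <- m(K', B1, Y1), m(Y1, B2, Y2), ..., m(Y_{n-1}, Bn, X)
    (with n = 0 it is simply the fact m(K, A, K')).  The set m is grown
    monotonically until no clause adds a new atom; it is finite because
    only keys occurring in the certificates can ever appear.
    """
    m = set()
    changed = True
    while changed:
        changed = False
        for issuer, name, subject in certs:
            key, *path = subject
            # Evaluate the clause body: follow the chain of local names
            # from the subject key through the atoms derived so far.
            frontier = {key}
            for local_name in path:
                frontier = {x for (k, n, x) in m if k in frontier and n == local_name}
            for x in frontier:
                if (issuer, name, x) not in m:
                    m.add((issuer, name, x))
                    changed = True
    return m


def members(certs, key, name):
    """Keys X with m(key, name, X) derivable under the FOL semantics."""
    return {x for (k, n, x) in fol_members(certs) if k == key and n == name}


def rewrite_members(certs, key, name, max_len=16):
    """Keys reachable from the name string 'key name' under string rewriting.

    A certificate K A -> S lets any string with prefix 'K A' be rewritten to
    S followed by the rest of the string.  A string consisting of a single
    key is a resolved member.  max_len bounds the search so a certificate
    set with growing strings cannot loop forever; the constructed set above
    never produces strings longer than three symbols.
    """
    start = (key, name)
    seen = {start}
    stack = [start]
    result = set()
    while stack:
        s = stack.pop()
        if len(s) == 1:
            result.add(s[0])
            continue
        if len(s) > max_len:
            continue
        head_key, head_name, *rest = s
        for issuer, n, subject in certs:
            if issuer == head_key and n == head_name:
                t = tuple(subject) + tuple(rest)
                if t not in seen:
                    seen.add(t)
                    stack.append(t)
    return result


def semantics_agree(certs):
    """True when both semantics give the same member set for every issued name."""
    return all(members(certs, k, n) == rewrite_members(certs, k, n)
               for (k, n, _) in certs)


if __name__ == "__main__":
    for issuer, local_name, _ in CERTS:
        print(issuer, local_name, "->", sorted(members(CERTS, issuer, local_name)))
    print("semantics agree:", semantics_agree(CERTS))
```

The fixpoint loop is the whole of the FOL side: no search over strings is needed, and the same relation m answers any query that can be phrased as a conjunction of membership atoms, which is the extensibility the abstract claims. The rewriting side, by contrast, needs an explicit bound to be safe on certificate sets that rewrite a string into a longer one.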
