Access control on the Web using proof-carrying authorization

We describe a system for access control on the Web that is based on the ideas of proof-carrying authorization (PCA). Our system is implemented as modules that extend a standard Web server and Web browser to use PCA to control access to Web pages. The Web browser generates proofs mechanically by iteratively fetching proof components until a proof can be constructed. We provide for iterative authorization, by which a server can require a browser to prove a series of challenges. Our implementation includes several optimizations, such as speculative proving and the modularization and caching of proofs, and demonstrates that the goals of generality, flexibility, and interoperability are compatible with reasonable performance.
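The exchange the abstract sketches, as an added example that is not the paper's code: the browser proves each server challenge by fetching credentials on demand and caching finished proofs, and the server only has to run a small proof checker. The two-rule "says / delegate" logic, the principals, URLs and credentials are all constructed stand-ins (the paper's actual logic is not reproduced here), and membership in `ISSUED` models signature verification.

```python
# Toy model of the PCA exchange described above (added illustration, not the
# paper's code; the two-rule logic and every name are hypothetical/constructed).
ISSUED = {  # constructed credentials; membership stands in for a signature check
    ("says", "alice", ("delegate", "bob", "/secret")),
    ("says", "bob", ("access", "carol", "/secret")),
}
OWNER = {"/secret": "alice"}  # server policy: which principal it trusts per URL
REMOTE = {p: [c for c in ISSUED if c[1] == p] for p in ("alice", "bob")}  # cred servers

def check(proof):
    """Server-side checker: returns the statement the proof tree proves, or None."""
    try:
        concl, prem = proof["concl"], [check(p) for p in proof.get("premises", [])]
        if proof["rule"] == "cred":  # leaf: a signed credential
            ok = not prem and concl in ISSUED
        else:  # deleg: A says delegate(B,R), B says access(U,R)  |-  A says access(U,R)
            (_, a, (_, b, r)), (_, b2, acc) = prem
            ok = b == b2 and acc[0] == "access" and acc[2] == r and concl == ("says", a, acc)
        return concl if ok else None
    except (KeyError, ValueError, TypeError):  # malformed or tampered proof
        return None

class Browser:  # client prover: fetches components on demand, caches finished proofs
    def __init__(self):
        self.creds, self.fetched, self.cache = set(), set(), {}
    def fetch(self, issuer):  # one round trip per issuer, never repeated
        if issuer not in self.fetched:
            self.fetched.add(issuer)
            self.creds.update(REMOTE.get(issuer, []))
    def prove(self, goal, depth=0):
        if goal in self.cache or depth > 4:  # cache hit, or give up on long chains
            return self.cache.get(goal)
        _, a, stmt = goal
        self.fetch(a)
        proof = {"rule": "cred", "concl": goal} if goal in self.creds else None
        for (_, a2, (kind, b, r)) in list(self.creds):  # delegations "A says delegate(B, R)"
            if not proof and (a2, kind, r) == (a, "delegate", stmt[2]):
                sub = self.prove(("says", b, stmt), depth + 1)
                if sub:
                    proof = {"rule": "deleg", "concl": goal, "premises": [
                        {"rule": "cred", "concl": ("says", a, (kind, b, r))}, sub]}
        if proof:
            self.cache[goal] = proof
        return proof

def authorize(browser, user, urls):  # iterative authorization: one challenge per URL
    for url in urls:
        goal = ("says", OWNER[url], ("access", user, url))
        if check(browser.prove(goal)) != goal:
            return False
    return True
```

The checker never trusts the browser's claims: a forged leaf that is not in `ISSUED`, a missing premise, or a `None` proof all make `check` return `None` and the challenge fails.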
