SD3: a trust management system with certified evaluation
- 13 November 2002
- conference paper
- Published by Institute of Electrical and Electronics Engineers (IEEE)
Abstract
We introduce SD3, a trust management system consisting of a high-level policy language, a local policy evaluator, and a certificate retrieval system. A unique feature of SD3 is its certified evaluator: as the evaluator computes the answer to a query, it also computes a proof that the answer follows from the security policy. Before the answer is returned, the proof is passed through a simple checker, and incorrect proofs are reported as errors. The certified evaluator reduces the trusted computing base and greatly increases our confidence that the answers produced by the evaluator follow from the specification, despite complex optimizations. To illustrate SD3's capabilities, we show how to implement a secure name service, similar to DNSSEC, entirely in SD3.
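The abstract's central design point is that the (possibly optimized, possibly buggy) evaluator is kept out of the trusted computing base: only the policy and a small proof checker have to be correct. The following Python sketch is an added illustration of that pattern and is not SD3's own code or syntax; the Datalog-style policy (the `trusts`, `delegates` and `trusted` predicates, the principals `acme`, `alice`, `bob`, `carol`) and every helper name are constructed assumptions. The evaluator returns a proof tree alongside each derived fact, and an independent `check` function validates every step of that tree against the policy before the answer is accepted.

```python
# Added example: a minimal certified policy evaluator in the style the SD3
# abstract describes. Policy syntax, predicates, principals and helpers are
# constructed for illustration; none of this is SD3's own code.
from dataclasses import dataclass
from typing import Iterator, Optional

Atom = tuple  # ("predicate", arg1, arg2, ...); an argument starting with an uppercase letter is a variable


@dataclass(frozen=True)
class Rule:
    head: Atom
    body: tuple  # tuple of Atoms that must all hold for `head` to hold


@dataclass
class Proof:
    conclusion: Atom
    rule: Optional[Rule]  # None means the conclusion is a base fact (e.g. a certificate)
    premises: list        # one Proof per body atom of `rule`


# Constructed sample policy (hypothetical): acme's root policy trusts alice,
# and trust can be delegated along a chain of delegation certificates.
POLICY_FACTS = {
    ("trusts", "acme", "alice"),
    ("delegates", "alice", "bob"),
    ("delegates", "bob", "carol"),
}
POLICY_RULES = [
    Rule(("trusted", "X"), (("trusts", "acme", "X"),)),
    Rule(("trusted", "Y"), (("trusted", "X"), ("delegates", "X", "Y"))),
]


def is_var(term: str) -> bool:
    return term[:1].isupper()


def match(pattern: Atom, ground: Atom, subst: dict) -> Optional[dict]:
    """Extend `subst` so that pattern[subst] == ground, or return None if impossible."""
    if len(pattern) != len(ground) or pattern[0] != ground[0]:
        return None
    subst = dict(subst)
    for p, g in zip(pattern[1:], ground[1:]):
        if is_var(p):
            if subst.setdefault(p, g) != g:  # variable already bound to something else
                return None
        elif p != g:
            return None
    return subst


def substitute(atom: Atom, subst: dict) -> Atom:
    return (atom[0],) + tuple(subst.get(t, t) for t in atom[1:])


def _solve(body: tuple, proofs: dict, subst: dict) -> Iterator[dict]:
    """Enumerate substitutions that make every atom of `body` an already-derived fact."""
    if not body:
        yield subst
        return
    for known in list(proofs):
        s = match(body[0], known, subst)
        if s is not None:
            yield from _solve(body[1:], proofs, s)


def evaluate(facts: set, rules: list) -> dict:
    """Untrusted evaluator: bottom-up least fixpoint, returning {derived atom: Proof}."""
    proofs = {f: Proof(f, None, []) for f in facts}
    changed = True
    while changed:
        changed = False
        for rule in rules:
            for subst in _solve(rule.body, proofs, {}):
                head = substitute(rule.head, subst)
                if head not in proofs:
                    premises = [proofs[substitute(a, subst)] for a in rule.body]
                    proofs[head] = Proof(head, rule, premises)
                    changed = True
    return proofs


def check(proof: Proof, facts: set, rules: list) -> bool:
    """Trusted checker: accepts a proof only if every step is licensed by the policy."""
    if proof.rule is None:
        return proof.conclusion in facts and not proof.premises
    if proof.rule not in rules or len(proof.premises) != len(proof.rule.body):
        return False
    subst = match(proof.rule.head, proof.conclusion, {})
    for atom, premise in zip(proof.rule.body, proof.premises):
        if subst is None:
            return False
        subst = match(atom, premise.conclusion, subst)
    return subst is not None and all(check(p, facts, rules) for p in proof.premises)


def certified_query(goal: Atom, facts: set, rules: list) -> Proof:
    """Answer `goal` only if the evaluator's proof passes the checker; otherwise report an error."""
    proofs = evaluate(facts, rules)
    if goal not in proofs:
        raise LookupError(f"{goal} is not derivable from the policy")
    proof = proofs[goal]
    if not check(proof, facts, rules):
        raise RuntimeError(f"evaluator produced an invalid proof for {goal}")
    return proof
```

The division of labour mirrors the abstract: `evaluate` may be replaced by any cleverer or more aggressively optimized strategy, and a wrong answer from it can only surface as a `RuntimeError` from `certified_query`, never as a silently granted authorization. Only `match`, `check` and the policy itself need to be trusted; a forged leaf (a "fact" absent from the policy) or a step citing a rule the policy does not contain is rejected by `check`.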