Abstract:
We give goal-oriented algorithms for discovering credential chains in RT0, a role-based trust-management language introduced in this paper. The algorithms search credential graphs, a representation of RT0 credentials. We prove that evaluation based on reachability in credential graphs is sound and complete with respect to the set-theoretic semantics of RT0. RT0 is more expressive than SDSI 2.0, so our algorithms can perform chain discovery in SDSI 2.0, for which existing algorithms in the literature either are not goal-oriented or require using specialized logic-programming inferencing engines. Being goal-oriented enables our algorithms to be used when credential storage is distributed. We introduce a type system for credential storage that guarantees well-typed, distributed credential chains can be discovered.
Reference:
In Proceedings of the Eighth ACM Conference on Computer and Communications Security, pages 156--165. ACM Press, November 2001.
Paper: PDF.
Related papers:
Superseded by the full version to appear in Journal of Computer Security.
BibTeX Data:
@InProceedings{LWM01,
  author    = "Ninghui Li and William H. Winsborough and John C. Mitchell",
  title     = "Distributed Credential Chain Discovery in Trust Management (Extended Abstract)",
  booktitle = "Proceedings of the Eighth ACM Conference on Computer and Communications Security",
  publisher = "ACM Press",
  month     = nov,
  year      = "2001",
  pages     = "156--165",
}