1st PKI Research Workshop, NIST, Gaithersburg 2002

Slide 1: A Note On SPKI’s Authorisation Syntax
Olav Bandmann* (Industrilogik L4i AB), Mads Dam (KTH/IMIT)
*Work done while at SICS, Swedish Institute of Computer Science. Supported by Microsoft Research, Cambridge.

Slide 2: SPKI
SPKI: approach based on binding names and authorisations to keys
SPKI authorisation certificate: (issuer, subject, propagate, tag, validity)
Tags (= authorisation expressions) are given in a special S-expression (LISP-like) syntax

Slide 3: Tuple Reduction
Decisions are resolved by tuple reduction:
– cert vs cert
– request vs cert
For tags, compute Z = AIntersect(X, Y), the most inclusive authorisation granted by both X and Y

Slide 4: Contributions
Problem: AIntersect is not suitable for space/time critical applications
In this paper: a restricted syntax which
– conforms with SPKI ”practice” (we think)
– has an n log n procedure
Other contributions:
– authorisation preorder ≤
– sound and complete axiomatisation for the standard syntax and for the restricted syntax

Slide 5: Objections
But:
– SPKI authorisation expressions (tags) are small
– Requests do not involve the set construction
It depends...
– For hand-crafted certs and standard usage, maybe so
– For e.g. macros, precomputation, richer delegation logics, maybe not
More on this later

Slide 6: Authorisation Trees
Rivest S-expressions, example:
x = (object person (conds (group ”admin”) (unit ”finance”)) (op income read))
Authorisation and request are in the same syntax:
y = (object person (conds (group ”admin”)) (op income read))
z = (object person (conds (group ”admin”) (unit ”finance”)) (op income))
Both y and z would grant x
– ”Being authorised by” = lists are extended to the right

Slide 7: Authorisation Order
Authorisation trees: t ::= a | (a t1 ... tn) where a is an atom, n ≥ 1
Authorisation order t1 ≤ t2, ”t1 authorised by t2”:
– a ≤ t iff t ≤ a iff t = a
– (x1 ... xn) ≤ (y1 ... ym) iff n ≥ m and xi ≤ yi (1 ≤ i ≤ m)
Can show that: t1 = AIntersect(t1, t2) iff t1 ≤ t2

Slide 8: Star Forms
* forms abbreviate sets of S-expressions:
– (*): the wildcard
– (* set X1 ... Xn): union of X1, ..., Xn
– (* range )
– (* prefix )
Example:
t = (object person (conds (group ”admin”) (* set (unit ”finance”) (type ”Managers”))) (op income (* set read write)))

Slide 9: S-Expressions
Set constants b, with Val(b) a nonempty set of atoms
X ::= (*) | a | b | (a X1 ... Xn) | (* set X1 ... Xm)
Semantics:
|| b || = Val(b)
|| (X1 ... Xn) || = { (t1 ... tk) | k ≥ n, ∀i: 1 ≤ i ≤ n, ti ∈ || Xi || }
|| (* set X1 ... Xm) || = || X1 || ∪ ... ∪ || Xm ||
Obs: || X || is lower closed: t1 ≤ t2 ∈ || X || ⇒ t1 ∈ || X ||

Slide 10: S-Expression Preorder
Def. X ≤ Y iff || X || ⊆ || Y ||
||.|| is not suitable for an algorithm:
– it computes all paths through a tree
– set constants (range, prefix) may give infinite sets
Task: decide, without computing ||.||:
– Given t and X, is t ≤ X?
– Given X and Y, is X ≤ Y?

Slide 11: Weak Preorder
Let X ≤w Y iff one of:
1 – 4. ...
5. X = b1, Y = b2 and Val(b1) ⊆ Val(b2)
6. X = (X1 ... Xm), Y = (Y1 ... Yn), m ≥ n, and Xi ≤w Yi, 1 ≤ i ≤ n
7. X = (* set X1 ... Xm), Xi ≤w Y for all 1 ≤ i ≤ m
8. X = b, Y = (* set ...) and ...
9. X not of the form b nor (* set ...), Y = (* set Y1 ... Yn) and X ≤w Yi for some i: 1 ≤ i ≤ n

Slide 13: Basic Properties
Results:
– ≤w is a preorder
– ≤w is sound, i.e. X ≤w Y implies X ≤ Y
– ≤w is incomplete
Example: (a (* set b c)) ≤ (* set (a b) (a c)), but neither (a (* set b c)) ≤w (a b) nor (a (* set b c)) ≤w (a c)

Slide 14: (9) Is the Problem Case
Replace
9. X not of the form b nor (* set ...), Y = (* set Y1 ... Yn) and X ≤w Yi for some i: 1 ≤ i ≤ n
by
ix. X not of the form b nor (* set ...), Y = (* set Y1 ... Yn) and || X || ⊆ || Y ||
Theorem: the preorder with ix. in place of 9. is sound and complete w.r.t. ≤

Slide 15: Restricted S-Expressions
Non-atomic members of *-set expressions should have a unique ”tag”:
r ::= (*) | a | b | (a r1 ... rn) | (* set r_a1 ... r_am)
r_a ::= a’ | b | (a r1 ... rn)
All ai must be distinct
Idea: push ”conflicts” to the leaves:
(a (* set (b c) (b d) b)) -> (a (* set (b (* set c d)) b))

Slide 16: Restricted S-Expressions, 2
Result: for the restricted syntax ≤w is sound and complete: r1 ≤ r2 iff r1 ≤w r2
Result: any S-expression can be rewritten into an equivalent restricted S-expression
By: eliminating ”tag conflicts” and nested *-sets
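As an added example (not the authors' code), the weak preorder ≤w of slide 11 and the tag-conflict rewrite of slide 15 in Python over tuples; it omits set constants b (range, prefix), and the merge step is implemented only for the two-element case shown on the slide, which is an assumption of this example.

```python
# Added example (not the paper's code): the weak preorder <=_w of slide 11 and the
# tag-conflict rewrite of slide 15, over a subset of SPKI tags; set constants b
# (range, prefix) are omitted. S-expressions are Python tuples: ("*",) is the
# wildcard, ("*", "set", X1, ...) a *-set, ("op", "income", "read") a list, "read" an atom.
WILD = ("*",)

def is_set(x):
    return isinstance(x, tuple) and len(x) >= 2 and x[:2] == ("*", "set")

def le_w(x, y):
    """Decide x <=_w y ("x is authorised by y") with the structural rules of slide 11."""
    if y == WILD:                               # everything is below the wildcard
        return True
    if is_set(x):                               # rule 7: every member of x must be below y
        return all(le_w(xi, y) for xi in x[2:])
    if is_set(y):                               # rule 9: x must be below one single member of y
        return any(le_w(x, yi) for yi in y[2:])
    if isinstance(x, str) or isinstance(y, str):
        return x == y                           # an atom is only below itself
    # rule 6: lists, y is an element-wise prefix of x (lists may be extended to the right)
    return len(x) >= len(y) and all(le_w(xi, yi) for xi, yi in zip(x, y))

def restrict(x):
    """Rewrite towards the restricted syntax of slide 15: flatten nested *-sets and merge
    *-set members sharing a tag. Merging is implemented only for two-element lists
    (tag arg) -> (tag (* set args...)); longer conflicting lists are left alone
    (an assumption of this example, the paper covers the general case)."""
    if isinstance(x, str) or x == WILD:
        return x
    if not is_set(x):
        return tuple(restrict(m) for m in x)
    members = []
    for m in (restrict(m) for m in x[2:]):      # flatten (* set (* set ...) ...)
        members.extend(m[2:] if is_set(m) else [m])
    by_tag, out = {}, []
    for m in members:
        if isinstance(m, tuple) and len(m) == 2:
            by_tag.setdefault(m[0], []).append(m[1])
        else:
            out.append(m)
    for tag, args in by_tag.items():            # (b c) (b d) -> (b (* set c d))
        out.append((tag, args[0]) if len(args) == 1 else restrict((tag, ("*", "set", *args))))
    return ("*", "set", *out) if len(out) > 1 else out[0]

# Slide 13's incompleteness witness: semantically X <= Y, but <=_w fails ...
X = ("a", ("*", "set", "b", "c"))
Y = ("*", "set", ("a", "b"), ("a", "c"))
assert not le_w(X, Y)
# ... until Y is rewritten into restricted form, where <=_w is complete (slide 16).
assert restrict(Y) == ("a", ("*", "set", "b", "c")) and le_w(X, restrict(Y))
```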

Slide 17: AIntersect
Assume the Val(b) are closed under intersections
Exploit ”tags” when computing AIntersect (details in paper)
Possible n log n algorithm: sort *-set expressions according to tag, then use binary search
Obtain: || AIntersect(r, r’) || = || r || iff r ≤ r’

Slide 18: Summary
Characterisation of the SPKI authorisation relation as a partial order ≤
Weak version ≤w of ≤
– sound, incomplete, x ≤w y computable in time O(|x||y|)
Restricted S-expression syntax
– ≤w complete
– appears to reflect SPKI practice
AIntersect is the glb with respect to ≤
– running time n log n

Slide 19: The Objections
1. Certificates are small
2. Requests do not involve *-set expressions
Does this hold water?

Slide 20: The Objections, 2
1. What is SPKI practice?
2. SPKI cert-cert reductions can involve *-sets in both arguments; are they sometimes time critical?
3. Cannot application program-generated certs become quite complex/large?
– Ex: request precomputation
– Ex: use *-sets as macros, e.g. MidWestLocs = (* set ... (loc Nebraska Lincoln) (loc Kansas Topeka Centre) (loc Kansas Topeka North) ...)

Slide 21: Related Work: Delegation
A → B: A to delegate authority to B to administer A’s security policies

Slide 22: Delegation, 2
Richer models of delegation:
– Constrained delegation: explicit issuance of new privileges
– Delegation tree constraints (a b* c)
– Stepwise refinement of constraints (requests)
Forthcoming: SPKI + Kleene star
Papers:
– Sadighi, Sergot, Bandmann – Security Protocols 01
– Bandmann, Dam, Sadighi – S&P 02
