Skip to main content
SpringerLink
Log in

A Model for Distribution and Revocation of Certificates

  • Conference paper
Book cover Graph Transformations (ICGT 2010)

Part of the book series: Lecture Notes in Computer Science ((LNTCS,volume 6372))

Included in the following conference series:

  • 560 Accesses

Abstract

The distribution and revocation of public-key certificates are essential aspects of secure digital communication. As a first step towards a methodology for the development of reliable models, we present a formalism for the specification and reasoning about the distribution and revocation of public keys, based on graphs. The model is distributed in nature; each entity can issue certificates for public keys that it knows, and distribute these to other entities. Each entity has its own public key bases and can derive new certificates from this knowledge. If some of the support for the derived knowledge is revoked, then some of the derived certificates may be revoked as well. Cyclic support is avoided. Graph transformation rules are used for the management of the certificates, and we prove soundness and completeness for our model.

This is a preview of subscription content, log in via an institution to check access.

Access this chapter

Log in via an institution
Chapter
USD 29.95
Price excludes VAT (USA)
  • Available as PDF
  • Read on any device
  • Instant download
  • Own it forever
eBook
USD 39.99
Price excludes VAT (USA)
  • Available as PDF
  • Read on any device
  • Instant download
  • Own it forever
Softcover Book
USD 54.99
Price excludes VAT (USA)
  • Compact, lightweight edition
  • Dispatched in 3 to 5 business days
  • Free shipping worldwide - see info

Tax calculation will be finalised at checkout

Purchases are for personal use only

Institutional subscriptions

Preview

Unable to display preview. Download preview PDF.

Unable to display preview. Download preview PDF.

References

  1. Cooper, D.A.: A closer look at revocation and key compromise in public key infrastructures. In: Proceedings of the 21st National Information Systems Security Conference, pp. 555–565 (1998)

    Google Scholar 

  2. Fox, B., LaMacchia, B.: Certificate revocation: Mechanics and meaning. In: Hirschfeld, R. (ed.) FC 1998. LNCS, vol. 1465, pp. 158–164. Springer, Heidelberg (1998)

    Chapter  Google Scholar 

  3. Gunter, C.A., Jim, T.: Generalized certificate revocation. In: Proceedings of the 27th ACM SIGPLAN-SIGACT Symposium on Principles of Programming Languages, pp. 316–329 (2000)

    Google Scholar 

  4. Housley, R., Ford, W., Polk, T., Solo, D.: Internet x.509 public key infrastructure certificate and certificate revocation list (crl) profile. Technical Report RFC 3280, IETF X.509 Public Key Infrastructure Working Group, PKIX (2002)

    Google Scholar 

  5. Hagström, Å., Jajodia, S., Parisi-Presicce, F., Wijesekera, D.: Revocations — a classification. In: Proceedings of the 14th IEEE Computer Security Foundations Workshop, Cape Breton, Nova Scotia, Canada (2001)

    Google Scholar 

  6. Maurer, U.: Modelling a public-key infrastructure. In: Martella, G., Kurth, H., Montolivo, E., Bertino, E. (eds.) ESORICS 1996. LNCS, vol. 1146, pp. 325–350. Springer, Heidelberg (1996)

    Google Scholar 

  7. Stubblebine, S.G., Wright, R.N.: An authentication logic supporting synchronization, revocation, and recency. In: Proceedings of the 3rd ACM Conference on Computer and Communications Security, New Delhi, India, pp. 95–105 (1996)

    Google Scholar 

  8. Kudo, M., Mathuria, A.: An extended logic for analyzing timed-release public-key protocols. In: ISICS, pp. 183–198 (1999)

    Google Scholar 

  9. Li, N., Feigenbaum, J., Grosof, B.N.: A logic-based knowledge representation for authorization with delegation (extended abstract). In: Proceedings of the 12th IEEE Computer Security Foundations Workshop (1999)

    Google Scholar 

  10. Li, N.: Delegation Logic: A Logic-based Approach to Distributed Authorization. PhD thesis, New York University, Chapter 4: A Nonmonotonic Delegation Logic (2000)

    Google Scholar 

  11. Liu, C., Ozols, M., Cant, T.: An axiomatic basis for reasoning about trust in pkis. In: Varadharajan, V., Mu, Y. (eds.) ACISP 2001. LNCS, vol. 2119, pp. 274–291. Springer, Heidelberg (2001)

    Chapter  Google Scholar 

  12. Simmons, G.J., Meadows, C.: The role of trust in information integrity protocols. Journal of Computer Security 3, 71–84 (1995)

    Google Scholar 

  13. Kohlas, R., Maurer, U.: Reasoning about public-key certification: On bindings between entities and public keys. In: Franklin, M.K. (ed.) FC 1999. LNCS, vol. 1648, p. 86. Springer, Heidelberg (1999)

    Chapter  Google Scholar 

  14. Wright, R.N., Lincoln, P.D., Millen, J.K.: Efficient fault-tolerant certificate revocation. In: [19], pp. 19–24

    Google Scholar 

  15. Aura, T.: On the structure of delegation networks. In: Proceedings of the 11th IEEE Computer Security Foundations Workshop, Rockport, MA (1998)

    Google Scholar 

  16. Buldas, A., Laud, P., Lipmaa, H.: Acountable certificate management using undeniable attestations. In: [19]

    Google Scholar 

  17. Bottoni, P., Koch, M., Parisi-Presicce, F., Taentzer, G.: Termination of high-level replacement units with application to model transformation. ENTCS 127(4), 71–86 (2005)

    Google Scholar 

  18. Rozenberg, G. (ed.): Handbook of Graph Grammars and Computing by Graph Transformation. Foundations, vol. I. World Scientific, Singapore (1997)

    Google Scholar 

  19. Samarati, P. (ed.): Proceedings of the 7th ACM Conference on Computer and Communications Security, Athens, Greece (2000)

    Google Scholar 

Download references

Author information

Authors and Affiliations

  1. Lawson Software,  

    Åsa Hagström

  2. Dipartimento di Informatica, Sapienza Universitá di Roma,  

    Francesco Parisi-Presicce

Authors
  1. Åsa Hagström
    View author publications

    You can also search for this author in PubMed Google Scholar

  2. Francesco Parisi-Presicce
    View author publications

    You can also search for this author in PubMed Google Scholar

Editor information

Editors and Affiliations

  1. Institut für Softwaretechnik und Theoretische Informatik, Technische Universität Berlin, Franklinstr. 28/29, 10587, Berlin, Germany

    Hartmut Ehrig

  2. Afdeling Informatica, Universiteit Twente, Drienerlolaan 5, 7522, Enschede, NB, The Netherlands

    Arend Rensink

  3. Leiden Institute of Advanced Computer Science (LIACS), Universiteit Leiden, Niels Bohrweg 1, 2333, Leiden, CA, The Netherlands

    Grzegorz Rozenberg

  4. Fachgebiet Echtzeitsysteme, Technische Universität Darmstadt, Merckstraße 25, 64283, Darmstadt, Germany

    Andy Schürr

Rights and permissions

Reprints and permissions

Copyright information

© 2010 Springer-Verlag Berlin Heidelberg

About this paper

Cite this paper

Hagström, Å., Parisi-Presicce, F. (2010). A Model for Distribution and Revocation of Certificates. In: Ehrig, H., Rensink, A., Rozenberg, G., Schürr, A. (eds) Graph Transformations. ICGT 2010. Lecture Notes in Computer Science, vol 6372. Springer, Berlin, Heidelberg. https://doi.org/10.1007/978-3-642-15928-2_21

Download citation

  • DOI: https://doi.org/10.1007/978-3-642-15928-2_21

  • Publisher Name: Springer, Berlin, Heidelberg

  • Print ISBN: 978-3-642-15927-5

  • Online ISBN: 978-3-642-15928-2

  • eBook Packages: Computer ScienceComputer Science (R0)

Publish with us

Policies and ethics

Search

Navigation