Abstract
Trust Management systems are typically explicit in their assumption that principals are uniquely identifiable. However, the literature has not been as prescriptive concerning the uniqueness of the permissions delegated by principals. Delegation subterfuge may arise when there is ambiguity concerning the uniqueness and interpretation of a permission. As a consequence, delegation chains that are used by principals to prove authorization may not actually reflect the original intention of all of the participants in the chain. This paper describes an extension to SPKI/SDSI that uses the notion of linked local permissions to eliminate ambiguity concerning the interpretation of a permission and thereby avoid subterfuge attacks.
Access this chapter
Tax calculation will be finalised at checkout
Purchases are for personal use only
Preview
Unable to display preview. Download preview PDF.
References
Guidelines for the issuance and management of extended validation certificates. Tech. rep., CA/Browser Forum (2009), http://cabforum.org/Guidelines_v1_2.pdf
Abadi, M.: On sdsi’s linked local name spaces. In: Proceedings of the 10th Computer Security Foundations Workshop (CSFW 1997), p. 98. IEEE Computer Society, Washington, DC, USA (1997)
Blaze, M., Feigenbaum, J., Ioannidis, J., Keromytis, A.D.: The keynote trust-management system, version 2 (September 1999)
Blaze, M., Feigenbaum, J., Strauss, M.: Compliance Checking in the Policymaker Trust Management System. In: Hirschfeld, R. (ed.) FC 1998. LNCS, vol. 1465, pp. 254–274. Springer, Heidelberg (1998)
CCITT Draft Recomendation: The Directory Authentication Framework, Version 7 (November 1987)
Clarke, D., Elien, J., Ellison, C., Fredette, M., Morcos, A., Rivest, R.L.: Certificate chain discovery in spki/sdsi. Journal of Computer Security 9(4), 285–322 (2001)
Ellison, C.: The nature of a usable PKI. Computer Networks 31, 823–830 (1999)
Feeney, K., Lewis, D., O’Sullivan, D.: Service oriented policy management for web-application frameworks. IEEE Internet Computing Magazine 6(13), 39–47 (2009)
Feeney, K., Brennan, R., Foley, S.N.: A trust model for capability delegation in federated policy systems. In: International Conference on Network and Service Management, pp. 226–229. IEEE (2010)
Foley, S.N., Zhou, H.: Authorisation subterfuge by delegation in decentralised networks. In: International Security Protocols Workshop, Cambridge, UK (April 2005)
Foley, S.: Noninterference analysis of delegation subterfuge. In: IEEE Computer Security Foundations Workshop, short-presentations (2006)
Li, J., Li, N., Winsborough, W., Mitchell, J.C.: Distributed Credential Chain Discovery in Trust Management. Journal of Computer Security 11(1) (2003)
Rivest, R.: S-expressions. In: Internet Draft draft-rivest-sexp-00.txt, IEFT Network Working Group (1997)
Zeller, T.: Purloined domain name is an unsolved mystery. New York Times (January 18, 2005)
Zhou, H., Foley, S.N.: A Logic for Analysing Subterfuge in Delegation Chains. In: Dimitrakos, T., Martinelli, F., Ryan, P.Y.A., Schneider, S. (eds.) FAST 2005. LNCS, vol. 3866, pp. 127–141. Springer, Heidelberg (2006)
Zhou, H., Foley, S.N.: A framework for establishing decentralized secure coalitions. In: Proceedings of IEEE Computer Security Foundations Workshop. IEEE CS Press (2006)
Author information
Authors and Affiliations
Editor information
Editors and Affiliations
Rights and permissions
Copyright information
© 2012 Springer-Verlag Berlin Heidelberg
About this paper
Cite this paper
Foley, S.N., Abdi, S. (2012). Avoiding Delegation Subterfuge Using Linked Local Permission Names. In: Barthe, G., Datta, A., Etalle, S. (eds) Formal Aspects of Security and Trust. FAST 2011. Lecture Notes in Computer Science, vol 7140. Springer, Berlin, Heidelberg. https://doi.org/10.1007/978-3-642-29420-4_7
Download citation
DOI: https://doi.org/10.1007/978-3-642-29420-4_7
Publisher Name: Springer, Berlin, Heidelberg
Print ISBN: 978-3-642-29419-8
Online ISBN: 978-3-642-29420-4
eBook Packages: Computer ScienceComputer Science (R0)