Li, N.: Local Names in SPKI/SDSI. In: Proceedings of The 13th Computer Security Foundations Workshop, IEEE Computer Society Press (2000) 2--15  Home/Search   Document Details and Download   Summary   Related Articles   Check

....size. However, when the credential pool is large, or when the frequency of changes to the credential pool (particularly deletions, such as credential expirations or revocations) approaches the frequency of queries against the pool, the e#ciency of the bottom up approach deteriorates rapidly. Li [15] gave a 4 rule logic program to calculate meanings of SDSI credentials. Cyclic dependencies are handled by using XSB [11] to evaluate the program. XSB, unlike most other Prolog engines, uses an extension table mechanism and guarantees termination of a large class of programs, including, but not ....

....limited to, all Datalog programs. Yet, for many trust management applications, this solution is excessively heavy weight. Even the stripped down version of XSB is several megabytes, while the jar file of the current RT 0 engine is less than 40KB. Moreover, based on our past experience using XSB [14, 15], it is often hard to integrate with XSB closely; and one has less control than needed during the inference process. For example, it would be hard to interleave credential collection with inferencing steps, as needed for distributed chain discovery. Because we seek techniques that work well when ....

Ninghui Li. Local names in SPKI/SDSI. In Proceedings of the 13th IEEE Computer Security Foundations Workshop (CSFW-13), pages 2--15. IEEE Computer Society Press, July 2000.

....size. However, as the frequency of changes to the credential pool (particularly deletions, such as credential expirations or revocations) approaches the frequency of queries against the pool, the e#ciency of the bottom up approach deteriorates rapidly, particularly when pool size is large. Li [15] gave a 4 rule logic program to calculate meanings of SDSI credentials. Cyclic dependencies are managed by using XSB [18] to evaluate the program. XSB s extension table mechanism avoids non termination problems to which other Prolog engines succumb. Yet, for many trustmanagement applications, this ....

Ninghui Li. Local Names in SPKI/SDSI. In Proceedings of the 13th IEEE Computer Security Foundations Workshop (CSFW-13), pages 2--15. IEEE Computer Society Press, 2000.

....formally compare this with capability revocation later in the paper. Current trust management systems [6, 8, 5] include other features like support for local name spaces and certificate authorization hierarchies. While these additions are useful, and it is important to understand them formally [1, 13, 19], they are orthogonal to the basic access control mechanism at the heart of trust management. Thus our model for trust management comprises of the following: 1. World State (WS) The world state contains a set O of objects, a set R of rights and two maps A (bounded RootACL) and D (bounded ....

N. Li. Local names in SPKI/SDSI. Proceedings of the 13th Computer Security Foundations Workshop, pages 2--15, July 2000.

....size. However, as the frequency of changes to the credential pool (particularly deletions, such as credential expirations or revocations) approaches the frequency of queries against the pool, the e#ciency of the bottom up approach deteriorates rapidly, particularly when pool size is large. Li [14] gave a 4 rule logic program to calculate meanings of SDSI credentials. Cyclic dependencies are managed by using XSB [17] to evaluate the program. XSB s extension table mechanism avoids non termination problems to which other Prolog engines succumb. Yet, for many trustmanagement applications, this ....

Ninghui Li. Local Names in SPKI/SDSI. In Proceedings of the 13th IEEE Computer Security Foundations Workshop (CSFW-13), pages 2--15. IEEE Computer Society Press, 2000.

....as complicated as reduction itself, and requires O(c 3 ) space. The least fixpoint computation above automatically and efficiently performs certificate path discovery and subsumes the reductions necessary to make the trust management decision. Another approach to specifying SPKI is presented in [16], which gives a simple Prolog program in which the rules correspond to tuple reduction. For a given trust management decision, each assertion is translated to a fact and added to the logic program. The least fixpoint semantics of Prolog then includes all authorizations derivable by combining the ....

N. Li. Local names in SPKI/SDSI 2.0. In Proceedings of the 13th IEEE Computer Security Foundations Workshop, July 2000.

....By not having expiry dates and not allowing revocation, we get a time independent monotonicity property: having more certificates could never mean that fewer keys were bound to a given name. Heavy use seems to be made of monotonicity in our earlier work. 1 A number of authors have 1 Ninghui Li [8] has erroneously claimed that LLNC is nonmonotonic. 1 developed logical accounts of authorization based on nonmonotonic logics [16, 7, 9, 10] and it has been suggested that revocation should be modeled using a nonmonotonic logic [9, 10] We take the contrary position here. We show that there is ....

N. Li. Local names in SPKI/SDSI. In Proc. 13th IEEE Computer Security Foundations Workshop, pages 2--15. IEEE Press, 2000. 11

No context found.

Li, N.: Local Names in SPKI/SDSI. Proceedings of the IEEE CSFW (2000).

No context found.

N. Li, Local names in SPKI/SDSI 2.0, in: Proceedings of the 13th IEEE Computer Security Foundations Workshop, 2000.

No context found.

Ninghui Li. Local names in SPKI/SDSI. In Proceedings of the 13th IEEE Computer Security Foundations Workshop, pages 2--15. IEEE Computer Society Press, July 2000.

No context found.

N. Li. Local names in SPKI/SDSI 2.0. In Proceedings of the 13th IEEE Computer Security Foundations Workshop, July 2000.

No context found.

Ninghui Li, "Local Names for SPKI/SDSI," in Proceedings of the 13th IEEE Computer Security Foundations Workshop (CSFW-13), pp. 2--15, IEEE Computer Society Press, Los Alamitos, CA, 2000. http://cs.nyu.edu/ninghui/papers/csfw13.ps

....inclusion relationship between two such sets. Howell and Kotz [19] model SDSI s naming scheme within the framework of the Logic of Authentication due to Abadi, Lampson, and others [2, 22] with particular emphasis on the possible advantages and dangers of various proposed extensions to SDSI. Li [23] shows how to interpret SPKI SDSI s local names (including authorization certi cations and threshold subjects) using logic programs and proves that his interpretation is equivalent to the original SPKI SDSI de nitions; he also shows how to interpret local names as distributed roles. We note that ....

....that possess that attribute. The state of California might de ne groups age over 21 , state employee , registered voter for 2000 , or welfare recipient . 3.4 Extended names, names, and terms. SPKI SDSI has extended names as well as local names. These are called compound names by Li [23]. De nition 4 An extended name is a sequence consisting of a key followed by two or more identi ers. A name is thus either a local name or an extended name. Extended names expand the expressive power of SPKI SDSI, but do not have separate de nitions; their meaning is de ned in terms of the ....

Ninghui Li. Local names in SPKI/SDSI. In Proceedings of the 13th IEEE Computer Security Foundations Workshop (CSFW-13), pages 2-15. IEEE Computer Society Press, 2000.

No context found.

Li, N.: Local Names in SPKI/SDSI. In: Proceedings of The 13th Computer Security Foundations Workshop, IEEE Computer Society Press (2000) 2--15

No context found.

N. Li. Local names in SPKI/SDSI. Proceedings of the 13th Computer Security Foundations Workshop, pages 2--15, July 2000.

No context found.

LI, N. (2000). Local Names in SPKI/SDSI. In: proceedings of the IEEE Computer Security Foundations Workshop.

No context found.

Ninghui Li. Local names in SPKI/SDSI. In Proceedings of the 13th IEEE Computer Security Foundations Workshop, pages 2--15, July 2000.

No context found.

Ninghui Li. Local names in SPKI/SDSI. Proceedings of the 13th Computer Security Foundations Workshop, pages 2--15, July 2000.

No context found.

Ninghui Li. Local names in SPKI/SDSI. In Proceedings of the 13th IEEE Computer Security Foundations Workshop, pages 2--15. IEEE Computer Society Press, July 2000. 16

No context found.

Ninghui Li. Local names in SPKI/SDSI. Proceedings of the 13th Computer Security Foundations Workshop, pages 2--15, July 2000.

No context found.

Ninghui Li. Local names in SPKI/SDSI. In Proceedings of the 13th IEEE Computer Security Foundations Workshop (CSFW-13), pages 2--15. IEEE Computer Society Press, July 2000.

No context found.

Ninghui Li. Local names in SPKI/SDSI. In Proceedings of the 13th IEEE Computer Security Foundations Workshop (CSFW-13), pages 2--15. IEEE Computer Society Press, July 2000.

Online articles have much greater impact   More about CiteSeer.IST   Add search form to your site   Submit documents   Feedback  

CiteSeer.IST - Copyright Penn State and NEC