Model checking SPKI/SDSI

Somesh Jha and Thomas Reps.

In Journal of Computer Security 12, 3–4 (2004), 317–353.

SPKI/SDSI is a framework for expressing naming and authorization issues that arise in a distributed-computing environment. In this paper, we establish a connection between SPKI/SDSI and a formalism known as pushdown systems (PDSs). We show that the SPKI/SDSI-to-PDS connection provides a framework for formalizing a variety of certificate-analysis problems. Moreover, the connection has computational significance: Many analysis problems can be solved efficiently (i.e., in time polynomial in the size of the certificate set) using existing algorithms for model checking pushdown systems.

Paper: [pdf] [ps]

An earlier version of this paper is available as a conference publication.

This page updated October 16, 2005.