Trust metrics for SPKI/SDSI
Lead Research Organisation: University of Oxford
Department Name: Computer Science
Abstract
I propose to extend the SPKI/SDSI authorization protocol to allow for quantitative trust specification. SPKI/SDSI is a distributed certificate system that enhances Public Key Infrastructure (PKI) and allows for issuing authorization certificates granting permissions to access selected parts of privileged data not only to single principals, but also to user-defined groups. Because the protocol is decentralized and there is no designated entity that verifies the identity of the users of the system, trustworthiness varies significantly from one user to another. In order to tackle this problem in decentralized PKI systems, many trust metrics were created for computing how much one can trust a given user. I would like to apply two of these metrics in the SPKI/SDSI setting. In order to do that, I will introduce and study several new models that are based on Labeled Pushdown Graphs, which are graphs generated by pushdown systems with labeled transitions. A robust extension of SPKI/SDSI with quantitative trust management will enhance its capabilities and potentially foster its usage in real-life computer systems.
People | Dominik Wojtczak (Principal Investigator) |
Publications
Alur R (2012) Optimal scheduling for constant-rate multi-mode systems
Apt K (2016) Coordination Games on Directed Graphs, in Electronic Proceedings in Theoretical Computer Science
Apt K (2016) Logics in Artificial Intelligence
Apt K (2017) Common Knowledge in a Logic of Gossips, in Electronic Proceedings in Theoretical Computer Science
Brázdil T (2010) One-Counter Markov Decision Processes
Brázdil T (2012) Automata, Languages, and Programming
Chatterjee K (2013) Logic for Programming, Artificial Intelligence, and Reasoning
Etessami K (2010) Quasi-Birth-Death Processes, Tree-Like QBDs, Probabilistic 1-Counter Automata, and Pushdown Systems, in Performance Evaluation
Kiefer S (2017) Parity objectives in countable MDPs
Kiefer S (2017) On strong determinacy of countable stochastic games
Description | The aim was to extend the SPKI/SDSI authorisation protocol to allow for quantitative trust specification. SPKI/SDSI is a distributed certificate system that enhances Public Key Infrastructure (PKI) and allows for issuing authorisation certificates granting permissions to access selected parts of privileged data not only to single principals, but also to user-defined groups. Because the protocol is decentralised and there is no designated entity that verifies the identity of the users of the system, trustworthiness varies significantly from one user to another. In order to tackle this problem in decentralised PKI systems, many trust metrics were created for computing how much one can trust a given user. The aim was to apply two of these metrics in the SPKI/SDSI setting. As it turned out, the computational complexity of computing these metrics is high, but it is still possible to compute their values in practice using heuristics and Monte Carlo simulations. |
Exploitation Route | A robust extension of SPKI/SDSI with quantitative trust management as developed in this project enhances its capabilities and can potentially foster its usage in real-life computer systems. |
Sectors | Aerospace, Defence and Marine, Creative Economy, Digital/Communication/Information Technologies (including Software) |
Title | Spookey |
Description | Spookey is a tool that allows for computation of trust metrics for SPKI/SDSI certificate sets. It is a proof of concept tool used later in a conference publication. |
Type Of Technology | Software |
Year Produced | 2011 |
Impact | Dominik Wojtczak. Trust Metrics for the SPKI/SDSI Authorisation Framework. Appeared in the 9th International Symposium on Automated Technology for Verification and Analysis, pages 168-182 |
URL | http://cgi.csc.liv.ac.uk/~dominik/spookey/ |