{"title":"SD3:具有认证评估的信任管理体系","authors":"T. Jim","doi":"10.1109/SECPRI.2001.924291","DOIUrl":null,"url":null,"abstract":"We introduce SD3, a trust management system consisting of a high-level policy language, a local policy evaluation, and a certificate retrieval system. A unique feature of SD3 is its certified evaluator. As the evaluator computes the answer to a query, it also computes a proof that the answer follows from the security policy. Before the answer is returned, the proof is passed through a simple checker and incorrect proofs are reported as errors. The certified evaluator reduces the trusted computing base and greatly increases our confidence that the answers produced by the evaluator follow from the specification, despite complex optimizations. To illustrate SD3's capabilities, we show how to implement a secure name service, similar to DNSSEC, entirely in SD3.","PeriodicalId":20502,"journal":{"name":"Proceedings 2001 IEEE Symposium on Security and Privacy. S&P 2001","volume":"26 5 1","pages":"106-115"},"PeriodicalIF":0.0000,"publicationDate":"2001-05-14","publicationTypes":"Journal Article","fieldsOfStudy":null,"isOpenAccess":false,"openAccessPdf":"","citationCount":"327","resultStr":"{\"title\":\"SD3: a trust management system with certified evaluation\",\"authors\":\"T. Jim\",\"doi\":\"10.1109/SECPRI.2001.924291\",\"DOIUrl\":null,\"url\":null,\"abstract\":\"We introduce SD3, a trust management system consisting of a high-level policy language, a local policy evaluation, and a certificate retrieval system. A unique feature of SD3 is its certified evaluator. As the evaluator computes the answer to a query, it also computes a proof that the answer follows from the security policy. Before the answer is returned, the proof is passed through a simple checker and incorrect proofs are reported as errors. The certified evaluator reduces the trusted computing base and greatly increases our confidence that the answers produced by the evaluator follow from the specification, despite complex optimizations. To illustrate SD3's capabilities, we show how to implement a secure name service, similar to DNSSEC, entirely in SD3.\",\"PeriodicalId\":20502,\"journal\":{\"name\":\"Proceedings 2001 IEEE Symposium on Security and Privacy. S&P 2001\",\"volume\":\"26 5 1\",\"pages\":\"106-115\"},\"PeriodicalIF\":0.0000,\"publicationDate\":\"2001-05-14\",\"publicationTypes\":\"Journal Article\",\"fieldsOfStudy\":null,\"isOpenAccess\":false,\"openAccessPdf\":\"\",\"citationCount\":\"327\",\"resultStr\":null,\"platform\":\"Semanticscholar\",\"paperid\":null,\"PeriodicalName\":\"Proceedings 2001 IEEE Symposium on Security and Privacy. S&P 2001\",\"FirstCategoryId\":\"1085\",\"ListUrlMain\":\"https://doi.org/10.1109/SECPRI.2001.924291\",\"RegionNum\":0,\"RegionCategory\":null,\"ArticlePicture\":[],\"TitleCN\":null,\"AbstractTextCN\":null,\"PMCID\":null,\"EPubDate\":\"\",\"PubModel\":\"\",\"JCR\":\"\",\"JCRName\":\"\",\"Score\":null,\"Total\":0}","platform":"Semanticscholar","paperid":null,"PeriodicalName":"Proceedings 2001 IEEE Symposium on Security and Privacy. S&P 2001","FirstCategoryId":"1085","ListUrlMain":"https://doi.org/10.1109/SECPRI.2001.924291","RegionNum":0,"RegionCategory":null,"ArticlePicture":[],"TitleCN":null,"AbstractTextCN":null,"PMCID":null,"EPubDate":"","PubModel":"","JCR":"","JCRName":"","Score":null,"Total":0}
SD3: a trust management system with certified evaluation
We introduce SD3, a trust management system consisting of a high-level policy language, a local policy evaluation, and a certificate retrieval system. A unique feature of SD3 is its certified evaluator. As the evaluator computes the answer to a query, it also computes a proof that the answer follows from the security policy. Before the answer is returned, the proof is passed through a simple checker and incorrect proofs are reported as errors. The certified evaluator reduces the trusted computing base and greatly increases our confidence that the answers produced by the evaluator follow from the specification, despite complex optimizations. To illustrate SD3's capabilities, we show how to implement a secure name service, similar to DNSSEC, entirely in SD3.
求助内容:
应助结果提醒方式:
京公网安备 11010802042870号
