View
223
Download
0
Embed Size (px)
Citation preview
1st PKI Research Workshop, NIST, Gaithersburg 2002 1
A Note On SPKI’s Authorisation Syntax
Olav Bandmann*Industrilogik L4i AB
Mads DamKTH/IMIT
*Work done while at SICS, Swedish Institute of Computer Science.
Supported by Microsoft Research, Cambridge
1st PKI Research Workshop, NIST, Gaithersburg 2002 2
SPKI
• SPKI: Approach based on binding names and authorisations to keys
• SPKI authorisation certificate
(issuer, subject, propagate, tag, validity)
• Tags (= authorisation expressions) given in special S-expression (LISP-like) syntax
1st PKI Research Workshop, NIST, Gaithersburg 2002 3
Tuple Reduction
• Decisions resolved by tuple reduction– Cert vs cert
– Request vs cert
• For tags, compute
Z = AIntersect(X,Y),
the most inclusive authorisation granted by both X and Y
1st PKI Research Workshop, NIST, Gaithersburg 2002 4
Contributions
• Problem: AIntersect is not suitable for space/time critical applications
• In this paper: Restricted syntax which– Conforms with SPKI ”practice” (we think)– Has n log n procedure
• Other contributions:– Authorisation preorder – Sound and complete axiomatisation for
• Standard syntax• Restricted syntax
1st PKI Research Workshop, NIST, Gaithersburg 2002 5
Objections
• But: – SPKI authorisation expressions (tags) are small
– Requests do not involve the set construction
• It depends...– For hand-crafted certs and standard usage, maybe so
– For e.g. macros, precomputation, richer delegation logics, maybe not
1st PKI Research Workshop, NIST, Gaithersburg 2002 6
Authorisation Trees
Rivest S-expressions – example:x = (object person (conds (group ”admin”)
(unit ”finance”)) (op income read))
Authorisation and request in same syntax:y = (object person (conds (group ”admin”)) (op income read))
z = (object person (conds (group ”admin”) (unit ”finance”)) (op income))
Both y and z would grant x– ”Being authorised by” = lists are extended to right
1st PKI Research Workshop, NIST, Gaithersburg 2002 7
Authorisation Order
Authorisation trees:
t ::= a | (a t1 ... tn)
where a is an atom, n ≥ 1
Authorisation order t1 t2, t1 authorised by t2:– a ≤ t iff t ≤ a iff t=a
– (x1 ... xn) ≤ (y1 ... ym) iff n ≥ m and xi ≤ yi (1 ≤ i ≤ m)
Can show that:
t1=AIntersection(t1,t2) iff t1 t2
1st PKI Research Workshop, NIST, Gaithersburg 2002 8
Star Forms
* forms abbreviate sets of S-expressions:– (*) : The wildcard
– (* set X1 ... Xn): Union of X1,...,Xn
– (* range <order> <lower> <upper>)
– (* prefix <string>)
Example:t = (object person (conds (group ”admin”)
(* set (unit ”finance”) (type ”Managers”)))
(op income (* set read write)))
1st PKI Research Workshop, NIST, Gaithersburg 2002 9
S-Expressions
Set constants b, Val(b) nonempty set of atoms
X ::= (*) | a | b | (a X1 ... Xn) | (* set X1 ... Xm)
Semantics:• || b || = Val(b)
• || (X1 ... Xn) || = {(t1 ... tk) | kn, i:1in ti|| Xi ||}
• || (* set X1 ... Xm) || = || X1 || ... || Xm ||
Obs: || X || is lower closed: t1t2|| X || t1 || X ||
1st PKI Research Workshop, NIST, Gaithersburg 2002 10
S-Expression Preorder
Def. X ≤ Y iff || X || || Y ||
|| . || not suitable for algorithm
Computes all paths through a tree
Set constants (range, prefix) may give infinite sets
Task: Decide - without computing || . ||:• Given t and X is t X?• Given X and Y, is X Y?
1st PKI Research Workshop, NIST, Gaithersburg 2002 11
Weak Preorder
Let X ≤w Y iff one of:1 - 4. ...
5. X=b1, Y=b2 and Val(b1) Val(b2)
6. X = (X1 ... Xm), Y = (Y1 ... Yn), m≥n, and Xi ≤w Yi, 1≤i≤m
7. X = (* set X1 ... Xm), Xi ≤w Y for all 1≤i≤m8. X = b, Y = (* set ...) and ...
9. X not b nor (* set ...) form, Y = (* set Y1 ... Yn) and X ≤wYi for some i: 1≤i≤n
1st PKI Research Workshop, NIST, Gaithersburg 2002 12
Weak Preorder
Let X ≤w Y iff one of:1 - 4. ...
5. X=b1, Y=b2 and Val(b1) Val(b2)
6. X = (X1 ... Xm), Y = (Y1 ... Yn), m≥n, and Xi ≤w Yi, 1≤i≤m
7. X = (* set X1 ... Xm), Xi ≤w Y for all 1≤i≤m8. X = b, Y = (* set ...) and ...
9. X not b nor (* set ...) form, Y = (* set Y1 ... Yn) and X ≤wYi for some i: 1≤i≤n
1st PKI Research Workshop, NIST, Gaithersburg 2002 13
Basic Properties
Results: w is a preorder
w is sound, i.e. X w Y implies X Y
w is incomplete
Example:
(a (* set b c)) (* set (a b) (a c)) but neither
(a (* set b c)) (a b) nor (a (* set b c)) (a c)
1st PKI Research Workshop, NIST, Gaithersburg 2002 14
(9) Is Problem Case
Replace
9. X not b nor (* set ...) form, Y = (* set Y1 ... Yn) and X ≤wYi for some i: 1≤i≤n
By
ix. X not b nor (* set ...) form, Y = (* set Y1 ... Yn) and || X || || Y ||
Theorem: Preorder with ix. in place of 9. is sound and complete w.r.t.
1st PKI Research Workshop, NIST, Gaithersburg 2002 15
Restricted S-Expressions
Non-atomic members of *-set expressions should have unique ”tag”
• r ::= (*) | a | b | (a r1 ... rn) | (* set ra1 ... ram)
• ra ::= a’ | b | (a r1 ... rn)
All ai must be distinct
Idea: Push ”conflicts” to the leaves:
(a (* set (b c) (b d) b)) -> (a (* set (b (* set c d)) b))
1st PKI Research Workshop, NIST, Gaithersburg 2002 16
Restricted S-Expressions, 2
Result:
For the restricted syntax w is sound and complete:
r1 r2 iff r1 w r2
Result:Any S-expression can be rewritten into equivalent
restricted S-expression
By: Eliminating ”tag conflicts” and nested *-sets
1st PKI Research Workshop, NIST, Gaithersburg 2002 17
AIntersect
Assume the Val(b) closed under intersections
Exploit ”tags” when computing AIntersect (details in paper)
Possible n log n algorithm: Sort *-set expressions according to tag, then use binary search
Obtain: || AIntersect(r,r’) || = || r || iff r ≤ r’
1st PKI Research Workshop, NIST, Gaithersburg 2002 18
Summary
• Characterisation of SPKI authorisation relation as partial order ≤
• Weak version ≤w of ≤– Sound, incomplete, x ≤w y computable in time O(|x||y|)
• Restricted S-expression syntax– ≤w complete– Appears to reflect SPKI practice
• AIntersect is glb with respect to ≤– Running time n log n
1st PKI Research Workshop, NIST, Gaithersburg 2002 19
The Objections
1. Certificates are small
2. Requests do not involve *-set expressions
Does this hold water?
1st PKI Research Workshop, NIST, Gaithersburg 2002 20
The Objections, 2
1. What is SPKI practice?2. SPKI cert-cert reductions can involve *-sets in
both arg’s – are they sometimes time critical?3. Cannot application program-generated certs
become quite complex/large?– Ex: Request precomputation– Ex: Use *-set’s as macros, e.g.
MidWestLocs = (* set ... (loc Nebraska Lincoln) (loc Kansas Topeka
Centre) (loc Kansas Topeka North) ... )
1st PKI Research Workshop, NIST, Gaithersburg 2002 21
Related Work: Delegation
A B
A to delegate authority to B to administer A’s security
policies
1st PKI Research Workshop, NIST, Gaithersburg 2002 22
Delegation, 2
Richer models of delegationConstrained delegation:• Explicit issuance of new privileges• Delegation tree constraints (a b* c)• Stepwise refinement of constraints (requests)Forthcoming: SPKI + Kleene star
Papers: Sadighi, Sergot, Bandmann - Security protocols 01Bandmann, Dam, Sadighi - S&P 02