Article

Free access

Proof-carrying authentication

Authors:

Andrew W. Appel and

Edward W. FeltenAuthors Info & Claims

CCS '99: Proceedings of the 6th ACM conference on Computer and communications security

November 1999

Pages 52 - 62

https://doi.org/10.1145/319709.319718

Published: 01 November 1999 Publication History

Abstract

We have designed and implemented a general and powerful distributed authentication framework based on higher-order logic. Authentication frameworks — including Taos, SPKI, SDSI, and X.509 — have been explained using logic. We show that by starting with the logic, we can implement these frameworks, all in the same concise and efficient system. Because our logic has no decision procedure — although proof checking is simple — users of the framework must submit proofs with their requests.

References

[1]

Martin Abadi, Michael Burrows, Butler Lampson, and Gordon D. Plotkin. A Calculus for Access Control in Distributed Systems. A CM Transactions on Programming Languages and Systems, 15(4):706-734, September 1993.]]

Digital Library

[2]

Andrew W. Appel and Amy Felty. Lightweight Lemmas in Lambda Prolog. In 16th International Conference on Logic Programming. MIT Press, November 1999.]]

Digital Library

[3]

Matt Blaze, Joan Feigenbaum, and Jack Lacy. Distributed Trust Management. In Proc. of 17th IEEE Symposium on Security and Pmvacy, pages 164-173, May 1996.]]

Digital Library

[4]

Carl M. Ellison, Bill Frantz, Butler Lampson, Ron Rivest, Brian M. Thomas, and Tatu Ylonen. Simple Public Key Certificate. Internet Draft draft-ietf-spkicert-structure-05.txt, 1998.]]

[5]

Robert Harper, FUrio Honsell, and Gordon Plotkin. A Framework for Defining Logics. Journal of the A CM, January 1993. To appear. A preliminary version appeared in Symposium on Logzc zn Computer Science, pages 194-204, June 1987.]]

Digital Library

[6]

Butler Lampson, Martin Abadi, Michael Burrows, and Edward Wobber. Authentication in Distributed Systems: Theory and Practice. A CM Transactions on Computer Systev~, 10(4):265-310, November 1992.]]

Digital Library

[7]

Peter Lee. personal communication, 1999.]]

[8]

Robin Milner, Mads Torte, Robert Harper, and David MacQueen. The Definition of Standard ML (Revised). MIT Press, Cambridge, MA, 1997.]]

Digital Library

[9]

George C. Necula. Proof-Carrying ~e. In Procedings of the 24th Annual ACM SIGPLAN-SIGACT Symposium on Priuciples of Programming Languages (POPL '97), pages 106-119, Januaxy 1997.]]

Digital Library

[10]

George (3. Necula and Peter Lee. Efficient Representation and Validation of Proofs. In In Proceedings o jr the 13th Annual Symposium on Logic in Computer Science, 1998.]]

Digital Library

[11]

George Ciprian Necula. Compihng vnth ProoIs. Phi) thesis, School of Computer Science, Carnegie Mellon University, Pittsburgh, PA, September 1998.]]

[12]

B. Clifford Nemnan and Theodore Ts'o. Kerberos: An Authentication Service for Computer Networks. IEEE Communicat$ons, 32(9):33-38, September 1994.]]

[13]

Frank PfeDning and Caxsten Schftrmann. System Description: Tweff ~ A Meta-~cai Framework for Deductive Systems. In The I6th lnterna~onal Conference on Automated Deduction. Springer-Vexlag, July 1999.]]

Digital Library

[14]

Ron Rivest and Butler Lampson. SDSI- A Simple Distributed Security Infrastructure. September 1996.]]

[15]

International Telecommunications Union. ITU-T Recommendation X.509: The Directory: Authentication Framework. Technical Report X.509, ITU, www.itu.int, 1997.]]

Cited By

Sheff IWang XBabel KNi Hvan Renesse RMyers A(2023)Charlotte: Reformulating Blockchains into a Web of Composable Attested Data Structures for Cross-Domain ApplicationsACM Transactions on Computer Systems10.1145/360753441:1-4(1-52)Online publication date: 22-Jul-2023
https://dl.acm.org/doi/10.1145/3607534
Ferraiuolo ABehjati RSantoro TLaurie BTorres-Arias SMelara MSimon L(2022)Policy TransparencyProceedings of the 2022 ACM Workshop on Software Supply Chain Offensive Research and Ecosystem Defenses10.1145/3560835.3564549(3-13)Online publication date: 11-Nov-2022
https://dl.acm.org/doi/10.1145/3560835.3564549
Zhang HAgarwal YFredrikson MBulusu NAryafar EBalasubramanian ASong J(2022)TEOProceedings of the 20th Annual International Conference on Mobile Systems, Applications and Services10.1145/3498361.3539774(302-315)Online publication date: 27-Jun-2022
https://dl.acm.org/doi/10.1145/3498361.3539774
Show More Cited By

Index Terms

Proof-carrying authentication

Recommendations

Proof Pearl: a Formal Proof of Higman's Lemma in ACL2

Higman's lemma is an important result in infinitary combinatorics, which has been formalized in several theorem provers. In this paper we present a formalization and proof of Higman's Lemma in the ACL2 theorem prover. Our formalization is based on a ...
Read More
A Syntactic Approach to Foundational Proof-Carrying Code

Proof-carrying code (PCC) is a general framework for verifying the safety properties of machine-language programs. PCC proofs are usually written in a logic extended with language-specific typing rules; they certify safety but only if there is no bug in ...
Read More
An open framework for foundational proof-carrying code
TLDI '07: Proceedings of the 2007 ACM SIGPLAN international workshop on Types in languages design and implementation

Today's software systems often use many different computation features and span different abstraction levels (e.g., user code and runtime-system code). To build foundational certified systems, it is hard to have a single verification system supporting ...
Read More

Comments

Information & Contributors

Information

Published In

cover image ACM Conferences

CCS '99: Proceedings of the 6th ACM conference on Computer and communications security

November 1999

160 pages

ISBN:1581131488

DOI:10.1145/319709

Chairmen:
Juzar Motiwalla
Kent Ridge Digital Labs, Singapore
,
Gene Tsudik
USC Information Sciences Institute, USA

Copyright © 1999 ACM.

Permission to make digital or hard copies of all or part of this work for personal or classroom use is granted without fee provided that copies are not made or distributed for profit or commercial advantage and that copies bear this notice and the full citation on the first page. Copyrights for components of this work owned by others than ACM must be honored. Abstracting with credit is permitted. To copy otherwise, or republish, to post on servers or to redistribute to lists, requires prior specific permission and/or a fee. Request permissions from [email protected]

Sponsors

SIGSAC: ACM Special Interest Group on Security, Audit, and Control

Publisher

Association for Computing Machinery

New York, NY, United States

Publication History

Published: 01 November 1999

Permissions

Request permissions for this article.

Request Permissions

Check for updates

Qualifiers

Article

Conference

CCS99

Sponsor:

SIGSAC

CCS99: Sixth ACM Conference on Computer and Communication Security

November 1 - 4, 1999

Kent Ridge Digital Labs, Singapore

Acceptance Rates

Overall Acceptance Rate 1,261 of 6,999 submissions, 18%

Upcoming Conference

CCS '24

Sponsor:
sigsac

ACM SIGSAC Conference on Computer and Communications Security

October 14 - 18, 2024

Salt Lake City , UT , USA

Contributors

Other Metrics

View Article Metrics

Bibliometrics & Citations

Bibliometrics

Article Metrics

140
Total Citations
View Citations
1,096
Total Downloads

Downloads (Last 12 months)101
Downloads (Last 6 weeks)10

Other Metrics

View Author Metrics

Citations

Cited By

Sheff IWang XBabel KNi Hvan Renesse RMyers A(2023)Charlotte: Reformulating Blockchains into a Web of Composable Attested Data Structures for Cross-Domain ApplicationsACM Transactions on Computer Systems10.1145/360753441:1-4(1-52)Online publication date: 22-Jul-2023
https://dl.acm.org/doi/10.1145/3607534
Ferraiuolo ABehjati RSantoro TLaurie BTorres-Arias SMelara MSimon L(2022)Policy TransparencyProceedings of the 2022 ACM Workshop on Software Supply Chain Offensive Research and Ecosystem Defenses10.1145/3560835.3564549(3-13)Online publication date: 11-Nov-2022
https://dl.acm.org/doi/10.1145/3560835.3564549
Zhang HAgarwal YFredrikson MBulusu NAryafar EBalasubramanian ASong J(2022)TEOProceedings of the 20th Annual International Conference on Mobile Systems, Applications and Services10.1145/3498361.3539774(302-315)Online publication date: 27-Jun-2022
https://dl.acm.org/doi/10.1145/3498361.3539774
Sato HNikita S(2019)An Interactive and Continuous Authorization Scheme by using Belnap Logic2019 IEEE 43rd Annual Computer Software and Applications Conference (COMPSAC)10.1109/COMPSAC.2019.10287(682-687)Online publication date: Jul-2019
https://doi.org/10.1109/COMPSAC.2019.10287
Miller D(2019)A Distributed and Trusted Web of Formal ProofsDistributed Computing and Internet Technology10.1007/978-3-030-36987-3_2(21-40)Online publication date: 9-Dec-2019
https://doi.org/10.1007/978-3-030-36987-3_2
Tandon LFong PSafavi-Naini RBertino ELin DLobo J(2018)HCAPProceedings of the 23nd ACM on Symposium on Access Control Models and Technologies10.1145/3205977.3205978(247-258)Online publication date: 7-Jun-2018
https://dl.acm.org/doi/10.1145/3205977.3205978
Sato H(2017)Authorization by DocumentsJournal of Information Processing10.2197/ipsjjip.25.76625(766-774)Online publication date: 2017
https://doi.org/10.2197/ipsjjip.25.766
Moore SDimoulas CFindler RFlatt MChong S(2016)Extensible access control with authorization contractsACM SIGPLAN Notices10.1145/3022671.298402151:10(214-233)Online publication date: 19-Oct-2016
https://dl.acm.org/doi/10.1145/3022671.2984021
Moore SDimoulas CFindler RFlatt MChong SVisser ESmaragdakis Y(2016)Extensible access control with authorization contractsProceedings of the 2016 ACM SIGPLAN International Conference on Object-Oriented Programming, Systems, Languages, and Applications10.1145/2983990.2984021(214-233)Online publication date: 19-Oct-2016
https://dl.acm.org/doi/10.1145/2983990.2984021
Gupta AFeamster NVanbever LGodfrey BCasado M(2016)Authorizing Network Control at Software Defined Internet Exchange PointsProceedings of the Symposium on SDN Research10.1145/2890955.2890956(1-6)Online publication date: 14-Mar-2016
https://dl.acm.org/doi/10.1145/2890955.2890956
Show More Cited By

View Options

View options

PDF

View or Download as a PDF file.

eReader

View online with eReader.

Get Access

Login options

Check if you have access through your login credentials or your institution to get full access on this article.

Full Access

Get this Publication

Media

Figures

Other

Tables

View Table of Contents