Design of an Application-Level Security Infrastructure
DIMACS Workshop on Design and Formal Verification of Security Protocols, September 3-5, 1997
Carl A. Gunter and Trevor Jim
Abstract
We propose a security infrastructure based on authenticated data distribution, implemented via the automatic management of queries and certificates. This approach is appropriate for an infrastructure to be used by application programmers, because they are not experts in cryptographic algorithms or security protocols. Our query certificate managers hide the use of cryptography and message sending from the programmer, and hence prevent programmer errors that could lead to security failures. The system has a formal semantics and correctness guarantees.