Certificate Linking and Caching for Logical Trust
This addresses a key barrier to practical use of logical trust for systems with participants controlled by different principals, though it appears incremental as it builds on existing logical trust concepts.
The paper tackles the problem of identifying, gathering, and assembling relevant certificates for trust decisions in multi-domain networked systems, resulting in compact trust cores for applications like federated naming and access control, with secure inferences at high throughput.
SAFE is a data-centric platform for building multi-domain networked systems, i.e., systems whose participants are controlled by different principals. Participants make trust decisions by issuing local queries over logic content exchanged in certificates. The contribution of SAFE is to address a key barrier to practical use of logical trust: the problem of identifying, gathering, and assembling the certificates that are relevant to each trust decision. SAFE uses a simple linking abstraction to organize and share certificates according to scripted primitives that implement the application's trust kernel and isolate it from logic concerns. We show that trust scripting with logical data exchange yields compact trust cores for example applications: federated naming, nested groups and roles, secure IP prefix delegation and routing, attestation-based access control, and a federated infrastructure-as-a-service system. Linking allows granular control over dynamic logic content based on dependency relationships, enabling a logic server to make secure inferences at high throughput.