An Innovative Policy-Based Cross Certification Methodology for Public Key Infrastructures

  • Valentina Casola
  • Antonino Mazzeo
  • Nicola Mazzocca
  • Massimiliano Rak
Conference paper
Part of the Lecture Notes in Computer Science book series (LNCS, volume 3545)


Cross Certification among CAs is a very large problem that is actually performed manually by security experts and organizational people trying to understand whether two CAs could cooperate. The evaluation process is based on the evaluation of the Certificate Policies, which are usually expressed in a non-formalized (and native-language) way. In this paper we propose a methodology to automatically evaluate and compare security policies for Cross Certification. The methodology consists of the formalization of a policy template and the building of a reference evaluation model. The proposed approach can be applied to several models of Cross Certification.


Fuzzy Number; Security Policy; Security Level; Evaluation Technique; Policy Space
These keywords were added by machine and not by the authors. This process is experimental and the keywords may be updated as the learning algorithm improves.





Copyright information

© Springer-Verlag Berlin Heidelberg 2005

Authors and Affiliations

  • Valentina Casola (1)
  • Antonino Mazzeo (2)
  • Nicola Mazzocca (2)
  • Massimiliano Rak (1)

  1. Seconda Universita’ di Napoli, Dipartimento di Ingegneria dell’Informazione, Aversa (CE), Italy
  2. Universita’ degli Studi di Napoli, Federico II, Dipartimento di Informatica e Sistemistica, Naples, Italy
