Selected publications by Stefan Schwoon

The authorization problem is to decide whether, according to a security policy, some principal should be allowed access to a resource. In the trust-management system SPKI/SDSI, the security policy is given by a set of certificates, and proofs of authorization take the form of certificate chains. The certificate-chain-discovery problem is to discover a proof of authorization for a given request. Certificate-chain-discovery algorithms for SPKI/SDSI have been investigated by several researchers. We consider a variant of the certificate-chain discovery problem where the certificates are distributed over a number of servers, which then have to cooperate to identify the proof of authorization for a given request. We propose two protocols for this purpose. These protocols are based on distributed model-checking algorithms for weighted pushdown systems (WPDSs). These protocols can also handle cases where certificates are labeled with weights and where multiple certificate chains must be combined to form a proof of authorization. We have implemented these protocols in a prototype and report preliminary results of our evaluation.

   address = {Vienna, Austria},
   author = {Jha, Somesh and Schwoon, Stefan and Wang, Hao and Reps, Thomas},
   booktitle = {{P}roceedings of the 12th {I}nternational {C}onference on {T}ools and {A}lgorithms for {C}onstruction and {A}nalysis of {S}ystems ({TACAS}'06)},
   DOI = {10.1007/11691372_1},
   editor = {Hermanns, Holger and Palsberg, Jens},
   month = mar,
   pages = {1-26},
   publisher = {Springer},
   series = {Lecture Notes in Computer Science},
   title = {Weighted Pushdown Systems and Trust-Management Systems},
   url = {},
   volume = {3920},
   year = {2006},

About LSV