Device-Enabled Authorization in the Grey System

Bauer, Lujo; Garriss, Scott; McCune, Jonathan M.; Reiter, Michael K.; Rouse, Jason; Rutenbar, Peter

doi:10.21236/ada457095

Cited by 17 publications

(11 citation statements)

References 18 publications

Supporting

Mentioning

Contrasting

Order By: Relevance

“…Several systems have been built using PCA [10,23,40]. Like many security-typed languages, we use dependently typed PCA to check authorization proofs at compile-time through type checking.…”

Section: Related Workmentioning

confidence: 99%

Security-typed programming within dependently typed programming

MorgensternJamie

Licata

2010

SIGPLAN Not.

View full text Add to dashboard Cite

Several recent security-typed programming languages, such as Aura, PCML5, and Fine, allow programmers to express and enforce access control and information flow policies. In this paper, we show that security-typed programming can be embedded as a library within a general-purpose dependently typed programming language, Agda. Our library, Aglet, accounts for the major features of existing security-typed programming languages, such as decentralized access control, typed proof-carrying authorization, ephemeral and dynamic policies, authentication, spatial distribution, and information flow. The implementation of Aglet consists of the following ingredients: First, we represent the syntax and proofs of an authorization logic, Garg and Pfenning's BL0, using dependent types. Second, we implement a proof search procedure, based on a focused sequent calculus, to ease the burden of constructing proofs. Third, we represent computations using a monad indexed by pre-and post-conditions drawn from the authorization logic, which permits ephemeral policies that change during execution. We describe the implementation of our library and illustrate its use on benchmark examples considered in the literature.

show abstract

“…Several systems have been built using PCA [10,23,40]. Like many security-typed languages, we use dependently typed PCA to check authorization proofs at compile-time through type checking.…”

Section: Related Workmentioning

confidence: 99%

Security-typed programming within dependently typed programming

MorgensternJamie

Licata

2010

SIGPLAN Not.

View full text Add to dashboard Cite

show abstract

“…The Edinburgh Logical Framework (LF) has been used in several prominent projects in the domains of proof-carrying code and proof-carrying authentication [3,1]. A central concern in these applications has been minimizing proof size, since the use model requires proofs to be transmitted over a network to convince skeptical parties that certain operations are safe or permitted [11,5].…”

Section: Using Lf For Smtmentioning

confidence: 99%

Proof Checking Technology for Satisfiability Modulo Theories

Stump

2009

Electronic Notes in Theoretical Computer Science

View full text Add to dashboard Cite

A common proof format for solvers for Satisfiability Modulo Theories (SMT) is proposed, based on the Edinburgh Logical Framework (LF). Two problems arise: checking very large proofs, and keeping proofs compact in the presence of complex side conditions on rules. Incremental checking combines parsing and proof checking in a single step, to avoid building in-memory representations of proof subterms. LF with Side Conditions (LFSC) extends LF to allow side conditions to be expressed using a simple first-order functional programming language. Experimental data with an implementation show very good proof checking times and memory usage on benchmarks including the important example of resolution inferences.

show abstract

“…However, the viability of this approach on the Symbian Series 60 platform has been demonstrated in both C++ [17,24] and Java [5]. In addition to the hash of the AIK certificate, the barcode will also encode the Bluetooth address of the kiosk, which allows the phone to bypass the exceedingly slow device discovery protocol [24].…”

Section: Mobile Device Softwarementioning

confidence: 99%

Trustworthy and personalized computing on public kiosks

Garriss

Cáceres

Berger

et al. 2008

Proceedings of the 6th International Conference on Mobile Systems, Applications, and Services

Self Cite

View full text Add to dashboard Cite

Many people desire ubiquitous access to their personal computing environments. We present a system in which a user leverages a personal mobile device to establish trust in a public computing device, or kiosk, prior to resuming her environment on the kiosk. We have designed a protocol by which the mobile device determines the identity and integrity of all software loaded on the kiosk, in order to inform the user whether the kiosk is trustworthy. Our system exploits emerging hardware security technologies, namely the Trusted Platform Module and new support in x86 processors for establishing a dynamic root of trust. We have demonstrated the viability of our approach by implementing and evaluating our system on commodity hardware. Through a brief survey, we found that respondents are generally willing to endure a delay in exchange for an increased assurance of data privacy, and that the delay incurred by our unoptimized prototype is close to the range tolerable to the respondents. We have focused on allowing the user to personalize a kiosk by running her own virtual machine there. However, our work is generally applicable to establishing trust on public computing devices before revealing any sensitive information to those devices.

show abstract

Device-Enabled Authorization in the Grey System

Abstract: We describe the design and implementation of Grey, a

Cited by 17 publications

References 18 publications

Security-typed programming within dependently typed programming

Security-typed programming within dependently typed programming

Proof Checking Technology for Satisfiability Modulo Theories

Trustworthy and personalized computing on public kiosks

Contact Info

Product

Resources

About