Device-Enabled Authorization in the Grey System

Bauer, Lujo; Garriss, Scott; McCune, Jonathan M.; Reiter, Michael K.; Rouse, Jason; Rutenbar, Peter

doi:10.1007/11556992_31

Cited by 67 publications

(58 citation statements)

References 31 publications

Supporting

Mentioning

Contrasting

Order By: Relevance

“…We implemented our designs as part of the Grey system for universal access control via convergent devices [BGM+05]. This system is currently in use on the Cylab floor of the Collaborative Innovation Center at Carnegie Mellon University, where students, faculty, and staff use smart phones to control access to their offices and log into their computers.…”

Section: Technical Accomplishmentsmentioning

confidence: 99%

Distributed System Security via Logical Frameworks (SeLF)

Bauer¹,

Pfenning²,

Reiter³

et al. 2008

Self Cite

View full text Add to dashboard Cite

The public reporting burden for this collection of information is estimated to average 1 hour Oer response, including the time for reviewing instructions, searching existing data sources, gathering and maintaining the data needed, and completing and reviewing the collection of information. Send comments regarding this burden estimate or any other aspect of this collection of information, including suggestions for reducing the burden, to Department of Defense, Washington Headquarters Services, Directorate for Information Operations and Reports (0704-0188), 1215 Jefferson Davis Highway, Suite 1204, Arlington, VA 22202-4302. Respondents should be aware that notwithstanding any other provision of law, no person shall be subject to any penalty for failing to comply with a collection of information if it does not display a currently valid OMB control number.

show abstract

Section: Technical Accomplishmentsmentioning

confidence: 99%

Distributed System Security via Logical Frameworks (SeLF)

Bauer¹,

Pfenning²,

Reiter³

et al. 2008

Self Cite

View full text Add to dashboard Cite

show abstract

“…As is evident from recent research in access control [2,8,11,14,17], modal logic is a powerful framework to study expressiveness, complexity and semantics of access control logics. Although modal logic has proved useful for theoretical study of access control, it is not widely used in practice to enforce authorization policies (some notable exceptions are [5,6,13,21,22]). …”

Section: Introductionmentioning

confidence: 99%

New Modalities for Access Control Logics: Permission, Control and Ratification

Genovese

Garg

2012

Security and Trust Management

View full text Add to dashboard Cite

Abstract. We present a new modal access control logic, ACL + , to specify, reason about and enforce access control policies. The logic includes new modalities for permission, control, and ratification to overcome some limits of current access control logics. We present a Hilbert-style proof system for ACL + and a sound and complete Kripke semantics for it. We exploit the Kripke semantics to define Seq-ACL + : a sound, complete and cut-free sequent calculus for ACL + , implying that ACL + is at least semi-decidable. We point at a Prolog implementation of Seq-ACL + and discuss possible extensions of ACL + with axioms for subordination between principals.

show abstract

“…Proof-carrying authorization (PCA) [3,5,6,19,15,17] is a modern access control technology, where an access control policy is formalized as a set of logical formulas, and a principal is allowed to perform an operation on a resource only if that principal can produce a logical proof showing that the policy entails that the principal may perform that operation on that resource. While this architecture allows automatic enforcement of complex access control policies, it substantially increases the burden of the user, since each request to perform an operation must be accompanied by one or more proofs.…”

Section: Introductionmentioning

confidence: 99%

“…It has been applied in different settings including authorization for web services [5], the Grey system [6], and a file system [15]. The latter implementation is the basic test bench for PCAL.…”

Section: Introductionmentioning

confidence: 99%

See 1 more Smart Citation

PCAL: Language Support for Proof-Carrying Authorization Systems

Chaudhuri

Garg

2009

Computer Security – ESORICS 2009

View full text Add to dashboard Cite

Abstract. By shifting the burden of proofs to the user, a proof-carrying authorization (PCA) system can automatically enforce complex access control policies. Unfortunately, managing those proofs can be a daunting task for the user. In this paper we develop a Bash-like language, PCAL, that can automate correct and efficient use of a PCA interface. Given a PCAL script, the PCAL compiler tries to statically construct the proofs required for executing the commands in the script, while re-using proofs to the extent possible and rewriting the script to construct the remaining proofs dynamically. We obtain a formal guarantee that if the policy does not change between compile time and run time, then the compiled script cannot fail due to access checks at run time.

show abstract

Device-Enabled Authorization in the Grey System

Abstract: We describe the design and implementation of Grey, a

Cited by 67 publications

References 31 publications

Distributed System Security via Logical Frameworks (SeLF)

Distributed System Security via Logical Frameworks (SeLF)

New Modalities for Access Control Logics: Permission, Control and Ratification

PCAL: Language Support for Proof-Carrying Authorization Systems

Contact Info

Product

Resources

About