Book Chapter10.1007/978-3-540-74835-9_3
Efficient proving for practical distributed access-control systems
Lujo Bauer,Scott Garriss,Michael K. Reiter +2 more
- 24 Sep 2007
- pp 19-37
TL;DR: A new technique for generating a formal proof that an access request satisfies access-control policy, for use in logic-based access- control frameworks, and offers strictly superior proving ability, in the sense that it finds a proof in every case that previous approaches would.
read more
Abstract: We present a new technique for generating a formal proof that an access request satisfies access-control policy, for use in logic-based access-control frameworks. Our approach is tailored to settings where credentials needed to complete a proof might need to be obtained from, or reactively created by, distant components in a distributed system. In such contexts, our approach substantially improves upon previous proposals in both computation and communication costs, and better guides users to create the most appropriate credentials in those cases where needed credentials do not yet exist. At the same time, our strategy offers strictly superior proving ability, in the sense that it finds a proof in every case that previous approaches would (and more). We detail our method and evaluate an implementation of it using both policies in active use in an access-control testbed at our institution and larger policies indicative of a widespread deployment.
read more
Chat with Paper
AI Agents for this Paper
Find similar papers on Google Scholar, PubMed and Arxiv
Write a critical review of this paper
Analyze citations of this paper to find unaddressed research gaps
Citations
•Journal Article
[Expression of fusion proteins in beta(2)GP I gene-transfected HEp-2 cells and its clinical application].
Liangjing Lu,Shunle Chen,Yue-ying Gu,Nan Shen,Chunde Bao,Yuan Wang,Chengde Yang,Ping Ye,Chong-zhao Yu +8 more
TL;DR: As a new kind of substrate of IIF, beta( 2)GP I transfectant can be used to detect anti-beta(2)GP-I antibodies and keep the immunofluorescent property of HEp-2 cells in IFANA test and can be use as substrate for routine IFANA detection.
793
Schematizing Trust in Named Data Networking
Yingdi Yu,Alexander Afanasyev,David D. Clark,kc claffy,Van Jacobson,Lixia Zhang +5 more
- 30 Sep 2015
TL;DR: The ability of NDN to enable automation through the use of trust schemas is explored, which can provide data consumers an automatic way to discover which keys to use to authenticate individual data packets, and provide data producers an automatic decision process to sign data packets.
192
Detecting and resolving policy misconfigurations in access-control systems
TL;DR: In this article, the authors apply association rule mining to the history of accesses to predict changes to access control policies that are likely to be consistent with users' intentions, so that these changes can be instituted in advance of misconfigurations interfering with legitimate accesses.
•Book
Handbook of Database Security: Applications and Trends
Michael Gertz,Sushil Jajodia +1 more
- 30 Nov 2007
TL;DR: The Handbook of Database Security: Applications & Trends as discussed by the authors provides an up-to-date overview of data security models, techniques, and architectures in a variety of data management applications and settings.
78
Detecting and resolving policy misconfigurations in access-control systems
Lujo Bauer,Scott Garriss,Michael K. Reiter +2 more
- 11 Jun 2008
TL;DR: In this article, association rule mining is applied to the history of accesses to predict changes to access control policies that are likely to be consistent with users' intentions, so that these changes can be instituted in advance of misconfigurations interfering with legitimate accesses.
References
•Book
Artificial Intelligence: A Modern Approach
Stuart Russell,Peter Norvig +1 more
- 01 Jan 2020
TL;DR: In this article, the authors present a comprehensive introduction to the theory and practice of artificial intelligence for modern applications, including game playing, planning and acting, and reinforcement learning with neural networks.
21.4K
A logic of authentication
TL;DR: This paper describes the beliefs of trustworthy parties involved in authentication protocols and the evolution of these beliefs as a consequence of communication, and gives the results of the analysis of four published protocols.
2.8K
Authentication in distributed systems: theory and practice
TL;DR: A theory of authentication and a system that implements it, based on the notion of principal and a “speaks for” relation between principals, is described and used to explain many existing and proposed security mechanisms.
SPKI Certificate Theory
Carl M. Ellison,B. Frantz,Butler W. Lampson,Ronald L. Rivest,Brian Thomas,Tatu Ylonen +5 more
- 01 Sep 1999
TL;DR: A mechanism for deriving authorization decisions from a mixture of certificate types was developed and is presented in this document and a canonical form for those S-expressions is defined.
•Journal Article
[Expression of fusion proteins in beta(2)GP I gene-transfected HEp-2 cells and its clinical application].
Liangjing Lu,Shunle Chen,Yue-ying Gu,Nan Shen,Chunde Bao,Yuan Wang,Chengde Yang,Ping Ye,Chong-zhao Yu +8 more
TL;DR: As a new kind of substrate of IIF, beta( 2)GP I transfectant can be used to detect anti-beta(2)GP-I antibodies and keep the immunofluorescent property of HEp-2 cells in IFANA test and can be use as substrate for routine IFANA detection.
793