xDomain: Cross-border Proofs of Access (CMU-CyLab-09-005)
نویسندگان
چکیده
A number of research systems have demonstrated the benefits of accompanying each request with a machine-checkable proof that the request complies with access-control policy — a technique called proof-carrying authorization. Numerous authorization logics have been proposed as vehicles by which these proofs can be expressed and checked. A challenge in building such systems is how to allow delegation between institutions that use different authorization logics. Instead of trying to develop the authorization logic that all institutions should use, we propose a framework for interfacing different, mutually incompatible authorization logics. Our framework provides a very small set of primitives that defines an interface for communication between different logics without imposing any fundamental constraints on their design or nature. We illustrate by example that a variety of different logics can communicate over this interface, and show formally that supporting the interface does not impinge on the integrity of each individual logic. We also describe an architecture for constructing authorization proofs that contain components from different logics and report on the performance of a prototype proof checker.
منابع مشابه
Access Control for Home Data Sharing: Attitudes, Needs and Practices (CMU-CyLab-09-013, CMU-PDL-09-110)
As digital content becomes more prevalent in the home, nontechnical users are increasingly interested in sharing that content with others and accessing it from multiple devices. Not much is known about how these users think about controlling access to this data. To better understand this, we conducted semi-structured, in-situ interviews with 33 users in 15 households. We found that users create...
متن کاملA Logic of Secure Systems and its Application to Trusted Computing (CMU-CyLab-09-001)
We present a logic for reasoning about properties of secure systems. The logic is built around a concurrent programming language with constructs for modeling machines with shared memory, a simple form of access control on memory, machine resets, cryptographic operations, network communication, and dynamically loading and executing unknown (and potentially untrusted) code. The adversary’s capabi...
متن کاملEfficient TCB Reduction and Attestation (CMU-CyLab-09-003)
We develop a special-purpose hypervisor called TrustVisor that facilitates the execution of security-sensitive code in isolation from commodity OSes and applications. TrustVisor provides code and execution integrity as well as data secrecy and integrity for protected code, even in the presence of a compromised OS. These strong properties can be attested to a remote verifier. TrustVisor only add...
متن کاملEffects of Access-Control Policy Conflict-Resolution Methods on Policy-Authoring Usability (CMU-CyLab-09-006)
Access-control policies can be stated more succinctly if they support both rules that grant access and rules that deny access, but this introduces the possibility that multiple rules will give conflicting conclusions for an access. In this paper, we compare a new conflict-resolution method, which uses first specificity and then deny precedence, to the conflictresolution method used by Windows N...
متن کامل