Abstract—We present the design and implementation of PCFS, a file system that adapts proof-carrying authorization to provide direct, rigorous, and efficient enforcement of dynamic access policies. The keystones of PCFS are a new authorization logic BL that supports policies whose consequences may change with both time and system state, and a rigorous enforcement mechanism that combines proof verification with conditional capabilities. We prove that our enforcement using capabilities is correct, and evaluate our design through performance measurements and a case study.

Keywords: Access control, logic, proof-carrying authorization, file system
Abstract. Proof-carrying code (PCC) allows a code producer to provide to a host a program along with i...
A number of research systems have demonstrated the benefits of accompanying each request with a mac...
Cryptographic access control promises to offer easily distributed trust and broader applicability, w...
We present the design and implementation of a file system which allows authorizations dependent on r...
Official policies for controlling access to classified information in the U.S. are quite complex and...
Abstract. We model networked storage systems with distributed, cryptographically enforced file-acces...
findings, and conclusions contained in this document are those of the authors and do not reflect the...
Trust management credentials directly authorize actions, rather than divide the authorization task i...
Critical systems software such as the file system is challenging to make correct due to the combinat...
This paper describes the implementation of an enforcement module for file system security implemente...
Our project applies automated proof checking to two application domains: protecting host computers f...
We present a framework to support consumable credentials in a logic-based distributed authorization ...