We present a formal system that models programmable abstractions for access control. Composite abstractions and patterns of arbitrary complexity are modeled as a configuration of communicating subjects. The subjects in the model can express behavior that corresponds to how information and authority are propagated in capability systems. The formalism is designed to be useful for analyzing how information and authority are confined in arbitrary configurations, but it will also be useful in the reverse sense, to calculate the necessary restrictions in a subject’s behavior when a global confinement policy is given. We introduce a subclass of these systems we call "saturated", that can provide safe and tractable approximations for the safety prope...
Abstract. An access control system regulates the rights of users to gain access to resources in accord...
System administrators specify the access control policy they want and implement the relevant configu...
© 2016 IEEE. Object capabilities are a technique for fine-grained privilege separation in programming...
We present a formal system that models programmable abstractions for access control. Composite abstr...
Abstract. We present a formal system that models programmable abstractions for access control. Compo...
Abstract—In capability-safe languages, components can access a resource only if they possess a capab...
Abstract. Access control systems must be evaluated in part on how well they support the Principle of...
In capability secure systems it is important to understand the restrictive influence programmed enti...
Abstract. Safety critical and business critical systems are usually controlled by policies with the ...
Access control is the traditional center of gravity of computer security [1]. People specify access ...
This paper describes Metagap'e, a formally specified family of capability systems capable of re...
Cyber physical systems are examples of a new emerging modelling paradigm that can be defined as mult...
In capability systems it can be hard to assert confinement from static analysis only. In this paper ...
Abstract—Access control is fundamental to computer security, and has thus been the subject of extens...
When practicing secure programming, it is important to understand the restrictive influence programm...