Automated Certification of Authorisation Policy Resistance

Attribute-based Access Control (ABAC) extends traditional Access Control by considering an access request as a set of pairs attribute name-value, making it particularly useful in the context of open and distributed systems, where security relevant information can be collected from different sources. However, ABAC enables attribute hiding attacks, allowing an attacker to gain some access by withholding information. In this paper, we first introduce the notion of policy resistance to attribute hiding attacks. We then propose the tool ATRAP (Automatic Term Rewriting for Authorisation Policies), based on the recent formal ABAC language PTaCL, which first automatically searches for resistance counter-examples using Maude, and then automatically searches for an Isabelle proof of resistance. We illustrate our approach with two simple examples of policies and propose an evaluation of ATRAP performances.Comment: 20 pages, 4 figures, version including proofs of the paper that will be presented at ESORICS 201

Low-energy block of apartments

Diplomová práce se zabývá vypracováním projektové dokumentace čtyřpodlažního nízkoenergetického bytového domu s plochou střechou ve stupni pro realizaci stavby. Jedná se o nepodsklepenou stavbu s hromadnou garáží v prvním nadzemním podlaží. Stavba je navržena s důrazem na celkovou energetickou úspornost, která je doložena podrobným energetickým výpočtem náročnosti budovy podle vyhlášky č.78/2013 Sb. a ČSN 73 0540-2.Diploma thesis is aimed on solution of project documentation design of a four-storey low-energy block of apartments with a flat roof in the degree of project realization. The object has a collective garage on first floor and no basement. The structure is designed with the emphasis on overall energy saving, which was documented by detailed calculation of the energy performance of the building under Decree No.78 / 2013 Coll. and ČSN 73 0540-2.

Cores with distinct parts and bigraded Fibonacci numbers

The notion of $(a,b)$-cores is closely related to rational $(a,b)$ Dyck paths due to Anderson's bijection, and thus the number of $(a,a+1)$-cores is given by the Catalan number $C_a$. Recent research shows that $(a,a+1)$ cores with distinct parts are enumerated by another important sequence- Fibonacci numbers $F_a$. In this paper, we consider the abacus description of $(a,b)$-cores to introduce the natural grading and generalize this result to $(a,as+1)$-cores. We also use the bijection with Dyck paths to count the number of $(2k-1,2k+1)$-cores with distinct parts. We give a second grading to Fibonacci numbers, induced by bigraded Catalan sequence $C_{a,b} (q,t)$

PEP4Django - A Policy Enforcement Point for Python Web Applications

Traditionally, access control mechanisms have been hard-coded into application components. Such approach is error-prone, mixing business logic with access control concerns, and affecting the flexibility of security policies, as is the case with IFRN SUAP Django-based system. The externalization of access control rules allows their decoupling from business logic, through the use of authorization servers where access control policies are stored and queried for computing access decisions. In this context, this paper presents an approach that allows a Django Web application to delegate access control decisions to an external authorization server. The approach has been integrated into an enterprise level system, which has been used for experimentation. The results obtained indicate a negligible overhead, while allowing the modification of access control policies without interrupting the system