    A Typed Model for Dynamic Authorizations

    Security requirements in distributed software systems are inherently dynamic. In the case of authorization policies, resources are meant to be accessed only by authorized parties, but the authorization to access a resource may be dynamically granted or yielded. We describe ongoing work on a model for specifying communication and dynamic authorization handling. We build upon the pi-calculus so as to enrich communication-based systems with authorization specification and delegation; here authorizations regard channel usage, and delegation refers to the act of yielding an authorization to another party. Our model includes: (i) a novel scoping construct for authorization, which allows authorization boundaries to be specified, and (ii) communication primitives for authorizations, which allow authorizations to act on a given channel to be passed around. An authorization error may consist in, e.g., performing an action along a name which is not under an appropriate authorization scope. We introduce a typing discipline that ensures that processes never reduce to authorization errors, even when authorizations are dynamically delegated.
    Comment: In Proceedings PLACES 2015, arXiv:1602.0325

    ACMiner: Extraction and Analysis of Authorization Checks in Android's Middleware

    Billions of users rely on the security of the Android platform to protect phones, tablets, and many different types of consumer electronics. While Android's permission model is well studied, the enforcement of the protection policy has received relatively little attention. Much of this enforcement is spread across system services, taking the form of hard-coded checks within their implementations. In this paper, we propose Authorization Check Miner (ACMiner), a framework for evaluating the correctness of Android's access control enforcement through consistency analysis of authorization checks. ACMiner combines program and text analysis techniques to generate a rich set of authorization checks, mines the corresponding protection policy for each service entry point, and uses association rule mining at a service granularity to identify inconsistencies that may correspond to vulnerabilities. We used ACMiner to study the AOSP version of Android 7.1.1 to identify 28 vulnerabilities relating to missing authorization checks. In doing so, we demonstrate ACMiner's ability to help domain experts process thousands of authorization checks scattered across millions of lines of code.

    Counterfactual quantum certificate authorization

    We present a multi-partite protocol in a counterfactual paradigm. In counterfactual quantum cryptography, secure information is transmitted between two spatially separated parties even when there is no physical travel of particles transferring the information between them. We propose here a tripartite counterfactual quantum protocol for the task of certificate authorization. Here a trusted third party, Alice, authenticates an entity Bob (e.g., a bank) that a client Charlie wishes to securely transact with. The protocol is counterfactual with respect to either Bob or Charlie. We prove its security against a general incoherent attack, where Eve attacks single particles.
    Comment: 6 pages, 2 figures, close to the published version

    Site Authorization Service (SAZ)

    In this paper we present a methodology to provide an additional level of centralized control over grid resources. This centralized control is applied to the site-wide distribution of various grids, and thus gives site administrators an advantage in maintenance.
    Comment: Talk from the 2003 Computing in High Energy and Nuclear Physics (CHEP03), La Jolla, CA, USA, March 2003, 3 pages, PSN TUBT00

    Nexus Authorization Logic (NAL): Logical Results

    Nexus Authorization Logic (NAL) [Schneider et al. 2011] is a logic for reasoning about authorization in distributed systems. A revised version of NAL is given here, including revised syntax, a revised proof theory using localized hypotheses, and a new Kripke semantics. The proof theory is proved sound with respect to the semantics, and that proof is formalized in Coq.

    Belief Semantics of Authorization Logic

    Authorization logics have been used in the theory of computer security to reason about access control decisions. In this work, a formal belief semantics for authorization logics is given. The belief semantics is proved to subsume a standard Kripke semantics. The belief semantics yields a direct representation of principals' beliefs, without resorting to the technical machinery used in Kripke semantics. A proof system is given for the logic; that system is proved sound with respect to the belief and Kripke semantics. The soundness proof for the belief semantics, and for a variant of the Kripke semantics, is mechanized in Coq.

    Endogenous Decentralization in Federal Environmental Policies

    Under most federal environmental laws and some health and safety laws, states may apply for "primacy," that is, authority to implement and enforce federal law, through a process known as "authorization." Some observers fear that states use authorization to adopt more lax policies in a regulatory "race to the bottom." This paper presents a simple model of the interaction between the federal and state governments in such a scheme of partial decentralization. Our model suggests that the authorization option may not only increase social welfare but also allow more stringent environmental regulations than would otherwise be feasible. Our model also suggests that the federal government may choose its policies so that states that desire more strict regulation authorize, while other states remain under the federal program. We then test this hypothesis using data on federal regulation of water pollution and of hazardous waste, which are two of the most important environmental programs to allow authorization. We find that states that prefer more environmental protection authorize more quickly under both policies. This evidence suggests that states seek authorization to adopt more strict policies instead of more lax policies compared to federal policies.