Manufacturer origin attestation for device user authorization
This disclosure describes techniques for user authentication and authorization for devices with support for manufacturer origin attestation. A client attestation certificate allows an authorization service to associate a device with its manufacturer (client). A unique client identifier is assigned by the authorization service to the client. The client assigns a unique instance certificate to each device. During initial authorization, each device uses a trusted local channel to establish identification before the authorization service and obtain an authorization code. The authorization code, the device instance attestation certificate chain, and a proof of possession of the instance key, in the form of a signed message that includes the authorization code, are supplied by the device for verification. Upon verification of the supplied code and the signed message, the authorization service returns user credentials for the device
Verifying the Interplay of Authorization Policies and Workflow in Service-Oriented Architectures (Full version)
A widespread design approach in distributed applications based on the
service-oriented paradigm, such as web-services, consists of clearly separating
the enforcement of authorization policies and the workflow of the applications,
so that the interplay between the policy level and the workflow level is
abstracted away. While such an approach is attractive because it is quite
simple and permits one to reason about crucial properties of the policies under
consideration, it does not provide the right level of abstraction to specify
and reason about the way the workflow may interfere with the policies, and vice
versa. For example, the creation of a certificate as a side effect of a
workflow operation may enable a policy rule to fire and grant access to a
certain resource; without executing the operation, the policy rule should
remain inactive. Similarly, policy queries may be used as guards for workflow
transitions.
In this paper, we present a two-level formal verification framework to
overcome these problems and formally reason about the interplay of
authorization policies and workflow in service-oriented architectures. This
allows us to define and investigate some verification problems for SO
applications and give sufficient conditions for their decidability.
Comment: 16 pages, 4 figures, full version of paper at Symposium on Secure
Computing (SecureCom09
Hot Topic: E-Verify and Local Governments (2010)
E-Verify is the electronic employment eligibility verification system that all federal contractors must use to verify the employment authorization of employees performing work under a federal contract
Hot Topic: E-Verify and Local Governments (2011)
E-Verify is the electronic employment eligibility verification system that all federal contractors must use to verify the employment authorization of employees performing work under a federal contract
Electronic Employment Eligibility Verification
[Excerpt] Unauthorized immigration and unauthorized employment continue to be key issues in the ongoing debate over immigration policy. Today’s discussions about these issues build on the work of prior Congresses. In 1986, following many years of debate about unauthorized immigration to the United States, Congress passed the Immigration Reform and Control Act (IRCA). This law sought to address unauthorized immigration, in part, by requiring all employers to examine documents presented by new hires to verify identity and work authorization and to complete and retain employment eligibility verification (I-9) forms. Ten years later, in the face of a growing unauthorized population, Congress attempted to strengthen the employment verification process by establishing pilot programs for electronic verification, as part of the Illegal Immigration Reform and Immigrant Responsibility Act of 1996 (IIRIRA).
The Basic Pilot program (known today as E-Verify), the first of the three IIRIRA employment verification pilots to be implemented and the only one still in operation, began in November 1997. Originally scheduled to terminate in November 2001, it has been extended several times. It is currently authorized until September 30, 2018, in accordance with the Consolidated Appropriations Act, 2018 (P.L. 115-141).
E-Verify is administered by the Department of Homeland Security’s (DHS’s) U.S. Citizenship and Immigration Services (USCIS). As of April 2, 2018, there were 779,722 employers enrolled in E-Verify, representing more than 2.5 million hiring sites. E-Verify is a largely voluntary program, but there are some mandatory participation requirements. Among them is a rule, which became effective in 2009, requiring certain federal contracts to contain a new clause committing contractors to use E-Verify.
Under E-Verify, participating employers enter information about their new hires (name, date of birth, Social Security number, immigration/citizenship status, and alien number, if applicable) into an online system. This information is automatically compared with information in Social Security Administration and, if necessary, DHS databases to verify identity and employment eligibility. Legislation on electronic employment eligibility verification has been considered in recent Congresses. In weighing proposals on electronic employment verification, Congress may find it useful to evaluate them in terms of their potential impact on a set of related issues: unauthorized employment; verification system accuracy, efficiency, and capacity; discrimination; employer compliance; privacy; and verification system usability and employer burden.
Electronic Employment Eligibility Verification
[Excerpt] The policy issues discussed here may be especially important to consider in the context of proposals to require most or all employers to participate in E-Verify or another electronic employment eligibility verification system. A mandatory system could arguably make it possible to identify many more unauthorized workers. At the same time, under such a system, any inaccuracies, inefficiencies, or privacy breaches that occurred could affect much larger numbers of employees and employers. Employer compliance under a mandatory system would seem to be a salient issue, especially since it has direct implications for other issues, notably discrimination. Employer burden may be another important consideration. It may be that a mandatory system would require new strategies to address these issues
Integrity protection for code-on-demand mobile agents in e-commerce
The mobile agent paradigm has been proposed as a promising solution to facilitate distributed computing over open and heterogeneous networks. Mobility, autonomy, and intelligence are identified as key features of mobile agent systems and enabling characteristics for the next-generation smart electronic commerce on the Internet. However, security-related issues, especially integrity protection in mobile agent technology, still hinder the widespread use of software agents: from the agent’s perspective, mobile agent integrity should be protected against attacks from malicious hosts and other agents. In this paper, we present Code-on-Demand (CoD) mobile agents and a corresponding agent integrity protection scheme. Compared to the traditional assumption that mobile agents consist of invariant code parts, we propose the use of dynamically upgradeable agent code, in which new agent function modules can be added and redundant ones can be deleted at runtime. This approach will reduce the weight of agent programs, equip mobile agents with more flexibility, enhance code privacy and help the recoverability of agents after attack. In order to meet the security challenges for agent integrity protection, we propose agent code change authorization protocols and a double integrity verification scheme. Finally, we discuss the Java implementation of CoD mobile agents and integrity protection.