28 research outputs found

    Design and semantics of a decentralized authorization language

    We present a declarative authorization language that strikes a careful balance between syntactic and semantic simplicity, policy expressiveness, and execution efficiency. The syntax is close to natural language, and the semantics consists of just three deduction rules. The language can express many common policy idioms using constraints, controlled delegation, recursive predicates, and negated queries. We describe an execution strategy based on translation to Datalog with Constraints, and table-based resolution. We show that this execution strategy is sound, complete, and always terminates, despite recursion and negation, as long as simple syntactic conditions are met

    Belief Semantics of Authorization Logic

    Authorization logics have been used in the theory of computer security to reason about access control decisions. In this work, a formal belief semantics for authorization logics is given. The belief semantics is proved to subsume a standard Kripke semantics. The belief semantics yields a direct representation of principals' beliefs, without resorting to the technical machinery used in Kripke semantics. A proof system is given for the logic; that system is proved sound with respect to the belief and Kripke semantics. The soundness proof for the belief semantics, and for a variant of the Kripke semantics, is mechanized in Coq

    User-oriented Network Security Policy Specification

    The configuration and management of security controls and applications is complex and not well understood by the majority of end-users (i.e. it typically requires specific skills). The security policy language simplifies this task and reduces the number of errors and anomalies. This paper proposes the specification of two mechanisms for defining users' security policies, namely High-level Security Policy Language (HSPL) and Medium-level Security Policy Language (MSPL). HSPL is suitable for expressing the protection requirements of typical non-technical users, while MSPL is a lower-level abstraction useful for expressing specific configurations of security controls in a generic format (as such it is more appealing for technical users).

    Secure File Sharing With Access Grants In Cloud

    We first formally define a notion of shared ownership within a file access control model. We then propose two possible instantiations of our proposed shared ownership model. Our first solution, called Commune, relies on secure file dispersal and collusion-resistant secret sharing to ensure that all access grants in the cloud require the support of an agreed threshold of owners. As such, Commune can be used in existing clouds without changes to the platforms. Our second solution, named Comrade, leverages blockchain technology in order to reach consensus on access control decisions. In contrast to Commune, Comrade requires that the cloud can translate access control decisions that reach consensus in the blockchain into storage access control rules, thus requiring minor changes to existing clouds. We analyze the security of our proposals and compare/evaluate their performance through an implementation using Amazon S3.

    A Lightweight Policy System for Body Sensor Networks

    Body sensor networks (BSNs) for healthcare have more stringent security and context adaptation requirements than required in large-scale sensor networks for environment monitoring. Policy-based management enables flexible adaptive behavior by supporting dynamic loading, enabling and disabling of policies without shutting down nodes. This overcomes many of the limitations of sensor operating systems, such as TinyOS, which do not support dynamic modification of code. Alternative schemes for adaptation, such as network programming, have a high communication cost and suffer from operational interruption. In addition, a policy-driven approach enables fine-grained access control through specifying authorization policies. This paper presents the design, implementation and evaluation of an efficient policy system called Finger which enables policy interpretation and enforcement on distributed sensors to support sensor level adaptation and fine-grained access control. It features support for dynamic management of policies, minimization of resource usage, high responsiveness and node autonomy. The policy system is integrated as a TinyOS component, exposing simple, well-defined interfaces which can easily be used by application developers. The system performance in terms of processing latency and resource usage is evaluated. © 2009 IEEE.