2,284 research outputs found
Automated Certification of Authorisation Policy Resistance
Attribute-based Access Control (ABAC) extends traditional access control by
treating an access request as a set of attribute name/value pairs, which makes it
particularly useful in open and distributed systems, where
security-relevant information can be collected from different sources. However,
ABAC enables attribute hiding attacks, in which an attacker gains access
by withholding information. In this paper, we first introduce the notion of
policy resistance to attribute hiding attacks. We then propose the tool ATRAP
(Automatic Term Rewriting for Authorisation Policies), based on the recent
formal ABAC language PTaCL, which first automatically searches for resistance
counter-examples using Maude, and then automatically searches for an Isabelle
proof of resistance. We illustrate our approach with two simple example
policies and propose an evaluation of ATRAP's performance.
Comment: 20 pages, 4 figures, version including proofs of the paper that will
be presented at ESORICS 201
Lucretia - intersection type polymorphism for scripting languages
Scripting code may present maintenance problems in the long run. There is,
then, a call for methodologies that make it possible to control the
properties of programs written in dynamic languages automatically. We
introduce Lucretia, a core language with an introspection primitive. Lucretia
is equipped with a (retrofitted) static type system based on local updates of
types that describe the structure of the objects being used. In this way, we deal
with one of the most dynamic features of scripting languages, namely the
runtime modification of object interfaces. Judgements in our system have a
Hoare-like shape, as they have a precondition and a postcondition part.
Preconditions describe static approximations of the interfaces of visible
objects before a certain expression has been executed, and postconditions
describe them after its execution. The field update operation complicates the
issue of aliasing in the system. We cope with it by introducing intersection
types in method signatures.
Comment: In Proceedings ITRS 2014, arXiv:1503.0437
Canonical Completeness in Lattice-Based Languages for Attribute-Based Access Control
The study of canonically complete attribute-based access control (ABAC)
languages is relatively new. A canonically complete language is useful as it is
functionally complete and provides a "normal form" for policies. However,
previous work on canonically complete ABAC languages requires that the set of
authorization decisions is totally ordered, which does not accurately reflect
the intuition behind the use of the allow, deny and not-applicable decisions in
access control. A number of recent ABAC languages use a fourth value and the
set of authorization decisions is partially ordered. In this paper, we show how
canonical completeness in multi-valued logics can be extended to the case where
the set of truth values forms a lattice. This enables us to investigate the
canonical completeness of logics having a partially ordered set of truth
values, such as Belnap logic, and show that ABAC languages based on Belnap
logic, such as PBel, are not canonically complete. We then construct a
canonically complete four-valued logic using connections between the generators
of the symmetric group (defined over the set of decisions) and unary operators
in a canonically suitable logic. Finally, we propose a new authorization
language, an extension of PTaCL, which
incorporates a lattice-ordered decision set and is canonically complete. We
then discuss how its advantages can be
leveraged within the framework of XACML
Security Policy Alignment: A Formal Approach
Security policy alignment concerns the matching of security policies specified at different levels in socio-technical systems, and delegated to different agents, technical and human. For example, the policy that sales data should not leave an organization is refined into policies on door locks, firewalls and employee behavior, and this refinement should be correct with respect to the original policy. Although alignment of security policies in socio-technical systems has been discussed in the literature, especially in relation to business goals, there has been no formal treatment of this topic so far in terms of consistency and completeness of policies. Wherever formal approaches are used in policy alignment, these are applied to well-defined technical access control scenarios instead. Therefore, we aim at formalizing security policy alignment for complex socio-technical systems in this paper, and our formalization is based on predicates over sequences of actions. We discuss how this formalization provides the foundations for existing and future methods for finding security weaknesses induced by misalignment of policies in socio-technical systems
Prices, Profits, Proxies, and Production
This paper studies nonparametric identification and counterfactual bounds for
heterogeneous firms that can be ranked in terms of productivity. Our approach
works when quantities and prices are latent rendering standard approaches
inapplicable. Instead, we require observation of profits or other
optimizing-values such as costs or revenues, and either prices or price proxies
of flexibly chosen variables. We extend classical duality results for
price-taking firms to a setup with discrete heterogeneity, endogeneity, and
limited variation in possibly latent prices. Finally, we show that convergence
results for nonparametric estimators may be directly converted to convergence
results for production sets.
Comment: This paper was previously circulated with the title "Prices, Profits,
and Production
TDL--- A Type Description Language for Constraint-Based Grammars
This paper presents TDL, a typed feature-based representation language and
inference system. Type definitions in TDL consist of type and feature
constraints over the boolean connectives. TDL supports open- and closed-world
reasoning over types and allows for partitions and incompatible types. Working
with partially as well as with fully expanded types is possible. Efficient
reasoning in TDL is accomplished through specialized modules.
Comment: Will Appear in Proc. COLING-9