670 research outputs found
Automated Certification of Authorisation Policy Resistance
Attribute-based Access Control (ABAC) extends traditional Access Control by
considering an access request as a set of pairs attribute name-value, making it
particularly useful in the context of open and distributed systems, where
security relevant information can be collected from different sources. However,
ABAC enables attribute hiding attacks, allowing an attacker to gain some access
by withholding information. In this paper, we first introduce the notion of
policy resistance to attribute hiding attacks. We then propose the tool ATRAP
(Automatic Term Rewriting for Authorisation Policies), based on the recent
formal ABAC language PTaCL, which first automatically searches for resistance
counter-examples using Maude, and then automatically searches for an Isabelle
proof of resistance. We illustrate our approach with two simple examples of
policies and propose an evaluation of ATRAP performances. Comment: 20 pages, 4 figures, version including proofs of the paper that will
be presented at ESORICS 201
Formalisation and Implementation of the XACML Access Control Mechanism
We propose a formal account of XACML, an OASIS standard adhering to the Policy Based Access Control model for the specification and enforcement of access control policies. To clarify all ambiguous and intricate aspects of XACML, we provide it with a more manageable alternative syntax and with a solid semantic ground. This lays the basis
for developing tools and methodologies which allow software engineers to easily and precisely regulate access to resources using policies. To demonstrate feasibility and effectiveness of our approach, we provide a software tool, supporting the specification and evaluation of policies and access requests, whose implementation fully relies on our formal development
Transparency in Complex Computational Systems
Scientists depend on complex computational systems that are often ineliminably opaque, to the detriment of our ability to give scientific explanations and detect artifacts. Some philosophers have s..
Policy-based access control from numerical evidence
Increasingly, access to resources needs to be regulated or informed by considerations such as risk, cost, and reputation. We therefore propose a framework for policy languages, based on semi-rings, that aggregate quantitative evidence to support decision-making in access control systems. As aggregation operators "addition", "worst case", and "best case" over non-negative reals are both relevant in practice and amenable to analysis, we study an instance, Peal, of our framework in that setting. Peal is a stand-alone policy language but can also be integrated with existing policy languages. Peal policies can be synthesized into logical formulae that no longer make reference to quantities but capture all policy behavior. Satisfiability checking of such formulae can be used to validate and analyze policies in this new evidence-based approach. We discuss a number of applications, including vacuity, redundancy, change-impact and safety analysis. The synthesis algorithm requires a form of subset enumeration, for which we develop bespoke algorithms and demonstrate experimentally that our algorithms work better than generic state exploration methods. We also sketch how our approach extends from non-negative reals to other semi-rings and even to rings such as the real numbers
Towards Modeling Software Quality of Virtual Reality Applications from Users' Perspectives
Virtual Reality (VR) technology has become increasingly popular in recent
years as a key enabler of the Metaverse. VR applications have unique
characteristics, including the revolutionized human-computer interaction
mechanisms, that distinguish them from traditional software. Hence, user
expectations for the software quality of VR applications diverge from those for
traditional software. Investigating these quality expectations is crucial for
the effective development and maintenance of VR applications, which remains an
under-explored area in prior research.
To bridge the gap, we conduct the first large-scale empirical study to model
the software quality of VR applications from users' perspectives. To this end,
we analyze 1,132,056 user reviews of 14,150 VR applications across seven app
stores through a semiautomatic review mining approach. We construct a taxonomy
of 12 software quality attributes that are of major concern to VR users. Our
analysis reveals that the VR-specific quality attributes are of utmost
importance to users, which are closely related to the most unique properties of
VR applications like revolutionized interaction mechanisms and immersive
experiences. Our examination of relevant user complaints reveals the major
factors impacting user satisfaction with VR-specific quality attributes. We
identify that poor design or implementation of the movement mechanisms, control
mechanisms, multimedia systems, and physics, can significantly degrade the user
experience. Moreover, we discuss the implications of VR quality assurance for
both developers and researchers to shed light on future work. For instance, we
suggest developers implement sufficient accessibility and comfort options for
users with mobility limitations, sensory impairments, and other specific needs
to customize the interaction mechanisms. Our datasets and results will be
released to facilitate follow-up studies
Modest Praise for Political Deliberation Elogio modesto a la deliberación política
ABSTRACT This text analyzes the relationship between political deliberation and democracy. Its content differs both from a scarcely normative idea of competitive politics, predominant in contemporary Political Science, and from a philosophical defense of the deliberation, founded on an idea of common reasonability or on an ideal of communicative speech. The central argument of the author is that deliberation constitutes a good instrument of improvement of competitive democracy. The reasons he gives are not those held by some contemporary political philosophers, inspired by problematic generalizations about the basic structures of the rationality and reasonability of citizens and their agents. The author stresses instead the capacity of deliberation to strengthen the epistemic and normative basis of the political decisions of the majority. The text discusses different visions of the benefits of political deliberation, some of them centered on their procedural conditions, others on the substantive quality of their results. Besides, this paper analyzes, from a perspective closer to a neo Aristotelian vision than to a modern contractualist tradition, the validity of the consensualist criteria to judge the quality of the deliberative reasons. Finally, the text identifies the democratic deliberation with a critical instance of the justifying discourses of the exercise of political power, within contexts of pluralism and disagreement. Key words: Democracy, Political Deliberation, Political Theory SUMMARY This text analyzes the relations between political deliberation and democracy. It distances itself both from a scarcely normative idea of competitive politics, predominant in contemporary Political Science, and from a philosophical defense of deliberation, founded on an idea of common reasonability or on an ideal of communicative speech.
The central argument of the author is that deliberation constitutes a good instrument of improvement of competitive democracy, but not for the reasons put forward by some contemporary political philosophers, inspired by problematic generalizations about the structures of rationality and reasonability of citizens
An Information Security Education Initiative for Engineering and Computer Science
This paper puts forward a case for an educational initiative in information security at both the undergraduate and graduate levels. Its focus is on the need for such education, the desired educational outcomes, and how the outcomes may be assessed. A basic thesis of this paper is that the goals, methods, and evaluation techniques of information and computer security are consistent with and supportive of the stated goals of engineering education and the growing movement for outcomes-based assessment in higher education