Access Control Synthesis for Physical Spaces
Access-control requirements for physical spaces, like office buildings and
airports, are best formulated from a global viewpoint in terms of system-wide
requirements. For example, "there is an authorized path to exit the building
from every room." In contrast, individual access-control components, such as
doors and turnstiles, can only enforce local policies, specifying when the
component may open. In practice, the gap between the system-wide, global
requirements and the many local policies is bridged manually, which is tedious,
error-prone, and scales poorly.
We propose a framework to automatically synthesize local access control
policies from a set of global requirements for physical spaces. Our framework
consists of an expressive language to specify both global requirements and
physical spaces, and an algorithm for synthesizing local, attribute-based
policies from the global specification. We empirically demonstrate the
framework's effectiveness on three substantial case studies. The studies
demonstrate that access control synthesis is practical even for complex
physical spaces, such as airports, with many interrelated security
requirements.
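The gap the abstract describes, between a global requirement such as "there is an authorized path to exit the building from every room" and the per-door policies that actually enforce it, can be made concrete on a toy floor plan. The following is an added example, not code from the paper or its framework: the building, roles and requirements are constructed for the illustration, and the synthesis step is a simplified reachability-based procedure (reverse search from the exit plus per-door entry restrictions), not the paper's algorithm. The names `DOORS`, `ROLES`, `RESTRICTED`, `check_global` and `synthesize` are this example's own.

```python
"""Checking and synthesizing local door policies from global requirements
over a constructed physical space (added illustration, not the paper's code)."""
from collections import deque

EXIT = "outside"

# Constructed floor plan: door id -> (room you are in, room the door leads to).
# A physical door is modelled as two directed doors so that each direction
# can carry its own local policy (who may open it from that side).
DOORS = {
    "d1": ("office", "lobby"),      "d2": ("lobby", "office"),
    "d3": ("lab", "lobby"),         "d4": ("lobby", "lab"),
    "d5": ("server_room", "lab"),   "d6": ("lab", "server_room"),
    "d7": ("lobby", EXIT),          "d8": (EXIT, "lobby"),
}
ROLES = {"visitor", "employee", "admin"}
# Global requirement (2): roles that may reach each restricted room from outside.
RESTRICTED = {"lab": {"employee", "admin"}, "server_room": {"admin"}}


def rooms(doors):
    return {room for pair in doors.values() for room in pair}


def reachable(doors, policies, role, start):
    """Rooms `role` can reach from `start` via doors whose local policy admits it."""
    seen, queue = {start}, deque([start])
    while queue:
        here = queue.popleft()
        for door, (src, dst) in doors.items():
            if src == here and role in policies.get(door, ()) and dst not in seen:
                seen.add(dst)
                queue.append(dst)
    return seen


def check_global(doors, policies, roles=ROLES, restricted=RESTRICTED):
    """Violations of the global requirements under the given local policies:
    (1) every role has an authorized path to EXIT from every room;
    (2) from outside, a role only reaches restricted rooms it is allowed in."""
    violations = []
    for role in sorted(roles):
        for room in sorted(rooms(doors) - {EXIT}):
            if EXIT not in reachable(doors, policies, role, room):
                violations.append(("no_exit_path", role, room))
        from_outside = reachable(doors, policies, role, EXIT)
        for room, allowed in restricted.items():
            if room in from_outside and role not in allowed:
                violations.append(("unauthorized_entry", role, room))
    return violations


def synthesize(doors, roles=ROLES, restricted=RESTRICTED):
    """Derive one local policy per door from the two global requirements
    (simplified procedure for this example, not the paper's algorithm).
    Step 1: walk backwards from EXIT and open every door on the resulting
    tree to all roles, which gives each room an exit path (requirement 1).
    Step 2: open each door to a role only when the room it leads into has no
    restriction or admits that role (requirement 2).
    Always run check_global on the result: conflicting requirements show up
    as reported violations rather than being silently resolved."""
    policies = {door: set() for door in doors}
    seen, queue = {EXIT}, deque([EXIT])
    while queue:
        here = queue.popleft()
        for door, (src, dst) in doors.items():
            if dst == here and src not in seen:
                seen.add(src)
                policies[door] |= set(roles)
                queue.append(src)
    for door, (src, dst) in doors.items():
        for role in roles:
            if role in restricted.get(dst, roles):
                policies[door].add(role)
    return policies


# A hand-written policy that looks reasonable but forgets that a visitor who
# has been let into the office still needs a way out: the kind of gap that
# manual bridging of global and local policies leaves behind.
MANUAL = {
    "d1": {"employee", "admin"}, "d2": ROLES, "d3": ROLES, "d4": {"employee", "admin"},
    "d5": ROLES, "d6": {"admin"}, "d7": ROLES, "d8": ROLES,
}

if __name__ == "__main__":
    print("manual policy violations:", check_global(DOORS, MANUAL))
    auto = synthesize(DOORS)
    print("synthesized:", {d: sorted(r) for d, r in sorted(auto.items())})
    print("synthesized violations:", check_global(DOORS, auto))
```

Running it reports `("no_exit_path", "visitor", "office")` for the hand-written policy, while the synthesized policy satisfies both requirements: the exit-path doors are open to everyone (including `d5`, server room to lab, since leaving a room must always be possible), whereas `d6` into the server room is open only to admins.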
Force Open: Lightweight black box file repair
We present a novel approach for automatic repair of corrupted files that applies to any common file format and does not require knowledge of its structure. Our lightweight approach modifies the execution of a file viewer instead of the file data and makes use of instrumentation and execution hijacking, two techniques from software testing. It uses a file viewer as a black box and does not require access to its source code or any knowledge about its inner workings. We present our implementation of this approach and evaluate it on corrupted PNG, JPEG, and PDF files.
ISSN: 1742-2876; ISSN: 1873-202
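The central idea above, repairing by changing what the viewer does rather than what the file contains, can be shown in miniature. The following is an added example and not the paper's implementation: the paper instruments real viewer binaries, whereas this constructed analogue hijacks an in-process Python function (`check_crc`) in a tiny strict PNG "viewer" written for the example. The two-by-two image, the corruption of an IDAT CRC field and the names `make_png`, `view_png`, `force_open` and `corrupt_crc` are all this example's own.

```python
"""Force Open in miniature (added illustration): skip the viewer's integrity
check instead of patching the file bytes, and let the unmodified parser run."""
import struct
import zlib

PNG_SIG = b"\x89PNG\r\n\x1a\n"


def _chunk(ctype, data):
    crc = zlib.crc32(ctype + data) & 0xFFFFFFFF
    return struct.pack(">I", len(data)) + ctype + data + struct.pack(">I", crc)


def make_png(width, height, rows):
    """Build a minimal 8-bit RGB PNG (filter type 0 on every row)."""
    ihdr = struct.pack(">IIBBBBB", width, height, 8, 2, 0, 0, 0)
    raw = b"".join(b"\x00" + bytes(c for px in row for c in px) for row in rows)
    return (PNG_SIG + _chunk(b"IHDR", ihdr) + _chunk(b"IDAT", zlib.compress(raw))
            + _chunk(b"IEND", b""))


def check_crc(ctype, data, stored):
    """The viewer's integrity check; this is the execution point we hijack."""
    return (zlib.crc32(ctype + data) & 0xFFFFFFFF) == stored


def view_png(blob):
    """A strict 'viewer': parses chunks, refuses any CRC mismatch, decodes pixels."""
    if blob[:8] != PNG_SIG:
        raise ValueError("not a PNG")
    pos, idat = 8, b""
    while pos < len(blob):
        (length,) = struct.unpack(">I", blob[pos:pos + 4])
        ctype = blob[pos + 4:pos + 8]
        data = blob[pos + 8:pos + 8 + length]
        (stored,) = struct.unpack(">I", blob[pos + 8 + length:pos + 12 + length])
        if not check_crc(ctype, data, stored):
            raise ValueError(f"CRC mismatch in {ctype!r}")
        if ctype == b"IHDR":
            width, height = struct.unpack(">II", data[:8])
        elif ctype == b"IDAT":
            idat += data
        elif ctype == b"IEND":
            break
        pos += 12 + length
    raw = zlib.decompress(idat)
    stride = 1 + 3 * width
    rows = []
    for y in range(height):
        line = raw[y * stride + 1:(y + 1) * stride]   # skip the filter byte
        rows.append([tuple(line[i:i + 3]) for i in range(0, len(line), 3)])
    return rows


def force_open(blob):
    """Hijack the viewer: replace its CRC check with one that records the
    mismatch and reports success, run the untouched parser, then restore it.
    Returns (decoded rows, chunk types whose CRC did not verify)."""
    global check_crc
    original, mismatches = check_crc, []

    def permissive(ctype, data, stored):
        if not original(ctype, data, stored):
            mismatches.append(ctype)
        return True

    check_crc = permissive
    try:
        return view_png(blob), mismatches
    finally:
        check_crc = original


def corrupt_crc(blob, ctype):
    """Constructed damage: flip the first byte of the stored CRC of a chunk,
    leaving the chunk data itself intact (a common real-world corruption)."""
    pos = 8
    while pos < len(blob):
        (length,) = struct.unpack(">I", blob[pos:pos + 4])
        if blob[pos + 4:pos + 8] == ctype:
            i = pos + 8 + length
            return blob[:i] + bytes([blob[i] ^ 0xFF]) + blob[i + 1:]
        pos += 12 + length
    raise KeyError(ctype)


# Constructed sample: a 2x2 RGB image, then its IDAT CRC is damaged.
PIXELS = [[(255, 0, 0), (0, 255, 0)], [(0, 0, 255), (255, 255, 255)]]
GOOD = make_png(2, 2, PIXELS)
BAD = corrupt_crc(GOOD, b"IDAT")


def demo():
    try:
        view_png(BAD)
        strict = "opened"
    except ValueError as e:
        strict = f"refused: {e}"
    rows, bad_chunks = force_open(BAD)
    return strict, rows, bad_chunks


if __name__ == "__main__":
    print(demo())
```

The strict viewer refuses the damaged file, while the hijacked run decodes the same pixels and reports which chunk failed its check. This is the easy case: the corruption hit only a checksum field. If the compressed IDAT stream itself were damaged, bypassing the CRC check alone would not help, since `zlib.decompress` would fail next; handling that requires hijacking further points in the viewer's execution, which is what makes the black-box approach in the paper more than a single patched branch.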
Accountability in optimistic non-repudiation protocols
We analyze an optimistic fair non-repudiation protocol designed by Gürgens, Rudolph and Vogt (2005). Focusing on the accountability of the trustee allows us to discover a number of shortcomings in this protocol. We contend that the reported shortcomings give any prudent court sufficient reason to dismiss evidence produced in this protocol. We propose modifications to the protocol so that the trustee cannot collude with one of the participants to enforce a successful exchange of evidence without the other participant being involved in the exchange. We believe that our analysis method is also applicable to other optimistic non-repudiation protocols, in order to assess the amount of trust they place in the trustee.