QuARC: expressive security mechanisms

Abstract

Security mechanisms in current distributed computer systems only allow a small range of security policies to be implemented. We present the QuARC (Quantitative Authentication, Rule-based roles and Committees) system, which uses some unusual mechanisms that allow it to implement a much wider variety of policies. This allows computer security policies to be much better aligned with organisational policies. The mechanisms discussed are quantitative authentication and vouching, rule-based roles with quantitative privileges, and committees. This paper provides an introduction to these mechanisms and shows how they are used in our system.