发布求助
文献互助 智能选刊 最新文献

19th IEEE Computer Security Foundations Workshop (CSFW'06)最新文献

筛选
英文 中文
Managing policy updates in security-typed languages 用安全类型语言管理策略更新
19th IEEE Computer Security Foundations Workshop (CSFW'06) Pub Date : 2006-07-05 DOI: 10.1109/CSFW.2006.17
N. Swamy, M. Hicks, Stephen Tse, S. Zdancewic
{"title":"Managing policy updates in security-typed languages","authors":"N. Swamy, M. Hicks, Stephen Tse, S. Zdancewic","doi":"10.1109/CSFW.2006.17","DOIUrl":"https://doi.org/10.1109/CSFW.2006.17","url":null,"abstract":"This paper presents Rx, a new security-typed programming language with features intended to make the management of information-flow policies more practical. Security labels in Rx, in contrast to prior approaches, are defined in terms of owned roles, as found in the RT role-based trust-management framework. Role-based security policies allow flexible delegation, and our language Rx provides constructs through which programs can robustly update policies and react to policy updates dynamically. Our dynamic semantics use statically verified transactions to eliminate illegal information flows across updates, which we call transitive flows. Because policy updates can be observed through dynamic queries, policy updates can potentially reveal sensitive information. As such, Rx considers policy statements themselves to be potentially confidential information and subject to information-flow metapolicies","PeriodicalId":131951,"journal":{"name":"19th IEEE Computer Security Foundations Workshop (CSFW'06)","volume":"86 1","pages":"0"},"PeriodicalIF":0.0,"publicationDate":"2006-07-05","publicationTypes":"Journal Article","fieldsOfStudy":null,"isOpenAccess":false,"openAccessPdf":"","citationCount":null,"resultStr":null,"platform":"Semanticscholar","paperid":"132749075","PeriodicalName":null,"FirstCategoryId":null,"ListUrlMain":null,"RegionNum":0,"RegionCategory":"","ArticlePicture":[],"TitleCN":null,"AbstractTextCN":null,"PMCID":"","EPubDate":null,"PubModel":null,"JCR":null,"JCRName":null,"Score":null,"Total":0}
引用次数: 60
Simulation-based security with inexhaustible interactive Turing machines 基于仿真的安全与无穷无尽的交互图灵机
19th IEEE Computer Security Foundations Workshop (CSFW'06) Pub Date : 2006-07-05 DOI: 10.1109/CSFW.2006.30
Ralf Küsters
{"title":"Simulation-based security with inexhaustible interactive Turing machines","authors":"Ralf Küsters","doi":"10.1109/CSFW.2006.30","DOIUrl":"https://doi.org/10.1109/CSFW.2006.30","url":null,"abstract":"Recently, there has been much interest in extending models for simulation-based security in such a way that the runtime of protocols may depend on the length of their input. Finding such extensions has turned out to be a non-trivial task. In this work, we propose a simple, yet expressive general computational model for systems of interactive Turing machines (ITMs) where the runtime of the ITMs may be polynomial per activation and may depend on the length of the input received. One distinguishing feature of our model is that the systems of ITMs that we consider involve a generic mechanism for addressing dynamically generated copies of ITMs. We study properties of such systems and, in particular, show that systems satisfying a certain acyclicity condition run in polynomial time. Based on our general computational model, we state different notions of simulation-based security in a uniform and concise way, study their relationships, and prove a general composition theorem for composing a polynomial number of copies of protocols, where the polynomial is determined by the environment. The simplicity of our model is demonstrated by the fact that many of our results can be proved by mere equational reasoning based on a few equational principles on systems","PeriodicalId":131951,"journal":{"name":"19th IEEE Computer Security Foundations Workshop (CSFW'06)","volume":"25 1","pages":"0"},"PeriodicalIF":0.0,"publicationDate":"2006-07-05","publicationTypes":"Journal Article","fieldsOfStudy":null,"isOpenAccess":false,"openAccessPdf":"","citationCount":null,"resultStr":null,"platform":"Semanticscholar","paperid":"125022265","PeriodicalName":null,"FirstCategoryId":null,"ListUrlMain":null,"RegionNum":0,"RegionCategory":"","ArticlePicture":[],"TitleCN":null,"AbstractTextCN":null,"PMCID":"","EPubDate":null,"PubModel":null,"JCR":null,"JCRName":null,"Score":null,"Total":0}
引用次数: 98
Distributed authorization using delegation with acyclic paths 使用带有非循环路径的委托进行分布式授权
19th IEEE Computer Security Foundations Workshop (CSFW'06) Pub Date : 2006-07-05 DOI: 10.1109/CSFW.2006.12
A. Lain, M. Mowbray
{"title":"Distributed authorization using delegation with acyclic paths","authors":"A. Lain, M. Mowbray","doi":"10.1109/CSFW.2006.12","DOIUrl":"https://doi.org/10.1109/CSFW.2006.12","url":null,"abstract":"We present a new trust management scheme for distributed authorization which can be easily implemented using X.509-based certificate chains, but does not require globally unique role names. A principal proves that he has authorization for a particular action by demonstrating the existence of an acyclic chain of bindings from a specified principal to himself where the sequence of labels in the chain matches a template. This template is in an easily-computed subset of regular path expressions. Our restrictions to acyclic paths and to a subset of path expressions enable us to permit controlled delegation, relax the requirement of global agreement on role names, and provide an intuitive abstraction. We show that some useful security properties can be determined in polynomial time. Our scheme has been used in practice to secure a management framework for distributed components: we give an overview of the implementation","PeriodicalId":131951,"journal":{"name":"19th IEEE Computer Security Foundations Workshop (CSFW'06)","volume":"60 4 1","pages":"0"},"PeriodicalIF":0.0,"publicationDate":"2006-07-05","publicationTypes":"Journal Article","fieldsOfStudy":null,"isOpenAccess":false,"openAccessPdf":"","citationCount":null,"resultStr":null,"platform":"Semanticscholar","paperid":"126983473","PeriodicalName":null,"FirstCategoryId":null,"ListUrlMain":null,"RegionNum":0,"RegionCategory":"","ArticlePicture":[],"TitleCN":null,"AbstractTextCN":null,"PMCID":"","EPubDate":null,"PubModel":null,"JCR":null,"JCRName":null,"Score":null,"Total":0}
引用次数: 2
Games for controls 控制游戏
19th IEEE Computer Security Foundations Workshop (CSFW'06) Pub Date : 2006-07-05 DOI: 10.1109/CSFW.2006.14
K. Chatterjee, R. Jagadeesan, Corin Pitcher
{"title":"Games for controls","authors":"K. Chatterjee, R. Jagadeesan, Corin Pitcher","doi":"10.1109/CSFW.2006.14","DOIUrl":"https://doi.org/10.1109/CSFW.2006.14","url":null,"abstract":"We argue that games are expressive enough to encompass (history-based) access control, (resource) usage control (e.g., dynamic adaptive access control of reputation systems), accountability based controls (e.g., insurance), controls derived from rationality assumptions on participants (e.g., network mechanisms), and their composition. Building on the extensive research into games, we demonstrate that this expressive power coexists with a formal analysis framework comparable to that available for access control","PeriodicalId":131951,"journal":{"name":"19th IEEE Computer Security Foundations Workshop (CSFW'06)","volume":"73 1","pages":"0"},"PeriodicalIF":0.0,"publicationDate":"2006-07-05","publicationTypes":"Journal Article","fieldsOfStudy":null,"isOpenAccess":false,"openAccessPdf":"","citationCount":null,"resultStr":null,"platform":"Semanticscholar","paperid":"132082699","PeriodicalName":null,"FirstCategoryId":null,"ListUrlMain":null,"RegionNum":0,"RegionCategory":"","ArticlePicture":[],"TitleCN":null,"AbstractTextCN":null,"PMCID":"","EPubDate":null,"PubModel":null,"JCR":null,"JCRName":null,"Score":null,"Total":0}
引用次数: 1
首页 上一页
0
×
引用
GB/T 7714-2015
复制
MLA
复制
APA
复制
导出至
BibTeX EndNote RefMan NoteFirst NoteExpress
×
提示
您的信息不完整,为了账户安全,请先补充。
现在去补充
×
提示
您因"违规操作"
具体请查看互助需知
我知道了
×
提示
现在去查看 取消
×
提示
确定
请完成安全验证×
相关产品
×
本文献相关产品
联系我们:info@booksci.cn Book学术提供免费学术资源搜索服务,方便国内外学者检索中英文文献。致力于提供最便捷和优质的服务体验。 Copyright © 2023 布克学术 All rights reserved.
京ICP备2023020795号-1
ghs 京公网安备 11010802042870号
Book学术文献互助
Book学术文献互助群
群 号:604180095
Book学术官方微信