Evidence-Based Audit, Technical Appendix
作者: Karl Mazurak , Stephan A Zdancewic , Limin Jia , Jeffrey A Vaughan
DOI:
关键词:
摘要: Authorization logics provide a principled and flexible approach to specifying access control policies. One of their compelling benefits is that proof in the logic evidence an access-control decision has been made accordance with policy. Using such proofs for auditing reduces trusted computing base enables ability detect flaws complex authorization Moreover, structure itself useful, because normalization can yield information about relevance policy statements. Untrusted, but well-typed, applications resources through appropriate interface must obey create useful audit. This paper presents AURA0, based on dependently-typed variant DCC proves metatheoretic properties subject-reduction normalization. It shows utility proof-based number examples discusses several pragmatic issues be addressed this context.
jeffvaughan.net 参考文章(31)
Diana K. Smetters, Brent R. Waters, Dirk Balfanz, Glenn Durfee, Building an Encrypted and Searchable Audit Log. network and distributed system security symposium. ,(2004)
Frank Pfenning, Kevin D Bowers, Lujo Bauer, Michael K. Reiter, Consumable Credentials in Logic-Based Access Control ,(2006)
G.C. Necula, P. Lee, Efficient representation and validation of proofs logic in computer science. pp. 93- 104 ,(1998) , 10.1109/LICS.1998.705646
Matt Blaze, Joan Feigenbaum, John Ioannidis, Angelos D. Keromytis, The role of trust management in distributed systems security Secure Internet programming. pp. 185- 210 ,(2001) , 10.1007/3-540-48749-2_8
Matt Bishop, Computer Security: Art and Science ,(2002)
Lujo Bauer, Scott Garriss, Jonathan M. McCune, Michael K. Reiter, Jason Rouse, Peter Rutenbar, Device-enabled authorization in the grey system international conference on information security. pp. 431- 445 ,(2005) , 10.1007/11556992_31
L. Bauer, S. Garriss, M.K. Reiter, Distributed proving in access-control systems ieee symposium on security and privacy. pp. 81- 95 ,(2005) , 10.1109/SP.2005.9
J. DeTreville, Binder, a logic-based security language ieee symposium on security and privacy. pp. 105- 113 ,(2002) , 10.1109/SECPRI.2002.1004365
M. Abadi, Logic in access control logic in computer science. pp. 228- 233 ,(2003) , 10.1109/LICS.2003.1210062
Martín Abadi, Michael Burrows, Butler Lampson, Gordon Plotkin, A calculus for access control in distributed systems ACM Transactions on Programming Languages and Systems. ,vol. 15, pp. 706- 734 ,(1993) , 10.1145/155183.155225