Alpaca: Extensible authorization for distributed services

Proceedings of the ACM Conference on Computer and Communications Security

Volumn , Issue , 2007, Pages 432-444

  Lesniewski Laas, Chris ^a   Ford, Bryan ^a   Strauss, Jacob ^a   Morris, Robert ^a   Kaashoek, M Frans ^a  

^a MASSACHUSETTS INSTITUTE OF TECHNOLOGY   (United States)

Author keywords

Authorization; Cryptography; Logic; Security; Theorem proving

Indexed keywords

AUTHENTICATION AND AUTHORIZATION; CRYPTOGRAPHIC ALGORITHMS; CRYPTOGRAPHIC PRIMITIVES; DISTRIBUTED SERVICE; DOMAIN SPECIFIC LANGUAGES; INTER-ORGANIZATION; LOGICAL AXIOMS; MODULAR APPROACH; NAMESPACES; PLUG-INS; PUBLIC-KEY INFRASTRUCTURE; SECURITY THEOREM;

AUTHENTICATION; PROBLEM ORIENTED LANGUAGES; PUBLIC KEY CRYPTOGRAPHY;

THEOREM PROVING;

EID: 77952364800     PISSN: 15437221     EISSN: None     Source Type: Conference Proceeding    
DOI: 10.1145/1315245.1315299     Document Type: Conference Paper

References (57)

1. M. Abadi. Logic in access control. In IEEE Logic in Computer Science, June 2003.
2. M. Abadi. Access control in a core calculus of dependency. Electronic Notes in Theoretical Computer Science, 172:5-31, 2007.
3. M. Abadi, M. Burrows, B. Lampson, and G. Plotkin. A calculus for access control in distributed systems. ACM Transactions on Programming Language Systems, 15 (4):706-734, 1993.
4. M. Abadi, E. Wobber, M. Burrows, and B. Lampson. Authentication in the Taos operating system. In ACM Symposium on Operating System Principles, pages 256-269, The Grove Park Inn and Country Club, Asheville, NC, 1993. ACM Press.
5. Akamai. http://www.akamai.com.
6. Amazon Elastic Compute Cloud. http://aws.amazon.com/ec2.
7. Amazon Simple Storage Service. http://aws.amazon.com/s3.
8. A. W. Appel and E. W. Felten. Proof-carrying authentication. In Proceedings of the 6th ACM Conference on Computer and Communications Security, Nov. 1999.
9. L. Bauer, S. Garriss, and M. Reiter. Distributed proving in access-control systems. IEEE Security and Privacy, pages 81-95, 2005.
10. L. Bauer, M. A. Schneider, and E. W. Felten. A proof-carrying authorization system. Technical Report CS-TR-638-01, Department of Computer Science, Princeton University, Apr. 2001.
11. L. Bauer, M. A. Schneider, and E. W. Felten. A general and flexible access-control system for the Web. In Proceedings of the 11th USENIX Security Symposium, pages 93-108, San Francisco, CA, Aug. 2002.
12. M. Y. Becker, C. Fournet, and A. D. Gordon. SecPAL: Design and semantics of a decentralized authorization language. Technical Report MSR-TR-2006-120, Microsoft Research, Sept. 2006.
13. M. Boesgaard, T. Christensen, and E. Zenner. Badger - a fast and provably secure MAC. In Applied Cryptography and Network Security, 2005.
14. N. Borisov and E. A. Brewer. Active certificates: A framework for delegation. In NDSS. The Internet Society, 2002.
15. K. D. Bowers, L. Bauer, D. Garg, F. Pfenning, and M. K. Reiter. Consumable credentials in linear-logic-based access-control systems. In Network and Distributed System Security Symposium, pages 143-157, Feb. 2007.
16. M. Burrows, M. Abadi, and R. Needham. A logic of authentication. In Proceedings of the Royal Society, volume 426, 1989.
17. J. Callas, L. Donnerhacke, H. Finney, and R. Thayer. OpenPGP message format. RFC 2440 (Proposed Standard), Nov. 1998.
18. D. Chaum and E. van Heyst. Group Signatures. In EUROCRYPT '91, 1991.
19. A. Cirillo, R. Jagadeesan, C. Pitcher, and J. Riely. Do As I SaY! Programmatic access control with explicit identities. In IEEE Computer Security Foundations Symposium, July 2007.
20. T. Coquand. Une Théorie des Constructions. PhD thesis, Université Paris, Jan. 1985.
21. J. DeTreville. Binder, a logic-based security language. In IEEE Security and Privacy, 2002.
22. T. Dierks and E. Rescorla. The TLS protocol version 1.1. draft-ietf-tls-rfc2246-bis-02.txt, Network Working Group, October 2002.
23. D. Eastlake 3rd. Domain Name System Security Extensions. RFC 2535 (Proposed Standard), Mar. 1999.
24. P. Efstathopoulos et al. Labels and event processes in the Asbestos operating system. In Proceedings of the 20th Symposium on Operating Systems Principles, Brighton, UK, October 2005.
25. C. Ellison et al. SPKI certificate theory. RFC 2693 (Experimental), Sept. 1999.
26. P. England, B. Lampson, J. Manferdelli, M. Peinado, and B. Willman. A trusted open platform. Computer, 36 (7):55-62, 2003.
27. FIPS 180-1. Secure Hash Standard. U. S. Department of Commerce/N. I. S. T., National Technical Information Service, Springfield, VA, April 1995.
28. FIPS 186-2. Digital Signature Standard (DSS). U. S. Department of Commerce/N. I. S. T., National Technical Information Service, Springfield, VA, January 2000.
29. B. Ford. VXA: A virtual architecture for durable compressed archives. In 4th USENIX Conference on File and Storage Technologies (FAST '05), San Francisco, California, December 2005.
30. B. Ford, J. Strauss, C. Lesniewski-Laas, S. Rhea, F. Kaashoek, and R. Morris. Persistent personal names for globally connected mobile devices. In Proceedings of the 7th USENIX Symposium on Operating Systems Design and Implementation (OSDI '06), Seattle, Washington, November 2006.
31. D. Garg, L. Bauer, K. D. Bowers, F. Pfenning, and M. K. Reiter. A linear logic of authorization and knowledge. In Computer Security-ESORICS 2006:11th European Symposium on Research in Computer Security, volume 4189 of Lecture Notes in Computer Science, pages 297-312, Sept. 2006.
32. E. Gilbert, F. MacWilliams, and N. Sloane. Codes which detect deception. Bell System Technical Journal, 53 (3):405-424, 1974.
33. R. Harper, F. Honsell, and G. Plotkin. A framework for defining logics. In Symposium on Logic in Computer Science, pages 194-204. IEEE Computer Society Press, June 1987.
34. J. Howell and D. Kotz. End-to-end authorization. In Proceedings of the Fourth Symposium on Operating Systems Design and Implementation, pages 151-164, 2000.
35. J. Jonsson and B. Kaliski. Public-Key Cryptography Standards (PKCS) 1. RFC 3447, 2003.
36. U. Maurer. Information-theoretic cryptography. Advances in Cryptology, 99:47-64.
37. D. Mazières, M. Kaminsky, M. F. Kaashoek, and E. Witchel. Separating key management from file system security. In 17th ACM Symposium on Operating Systems Principles (SOSP '99), pages 124-139, Kiawah Island, South Carolina, December 1999.
38. V. Miller. Use of elliptic curves in cryptography. In CRYPTO, 1985.
39. G. C. Necula and P. Lee. Proof-carrying code. In Proceedings of the 24th ACM SIGPLAN-SIGACT Symposium on Principles of Programming Langauges (POPL '97), pages 106-119, Paris, Jan. 1997.
40. G. C. Necula and P. Lee. Efficient representation and validation of proofs. In IEEE Logic in Computer Science, pages 93-104, 1998.
41. P. Nikander and J. Laganier. An IPv6 prefix for overlay routable cryptographic hash identifiers (ORCHID). RFC 4843, 2007.
42. T. Nipkow and L. C. Paulson. Isabelle-91. In D. Kapur, editor, 11th International Conference on Automated Deduction, pages 673-676, Saratoga Springs, NY, 1992. Springer-Verlag LNAI 607.
43. OpenID. http://openid.net/.
44. F. Pfenning. Logic programming in the LF logical framework. In G. Huet and G. Plotkin, editors, Logical Frameworks, pages 149-181. Cambridge University Press, 1991.
45. PlanetLab. http://www.planet-lab.org.
46. E. Rescorla. HTTP Over TLS. RFC 2818 (Informational), May 2000.
47. V. Rijmen and P. S. L. M. Barreto. The WHIRLPOOL hash function, 2001.
48. R. Rivest. Re: The Pure Crypto Project's hash function. Message to cryptography@metzdowd.com mailing list, May 2003.
49. R. L. Rivest and B. Lampson. SDSI - a simple distributed security infrastructure. Presented at CRYPTO'96 Rumpsession, 1996.
50. RSA SecurID token. http://www.rsa.com.
51. J. H. Saltzer and M. D. Schroeder. The protection of information in computer systems. Proceedings of the IEEE, 63 (9):1278-1308, Sept. 1975.
52. A. Shamir. Identity-based cryptosystems and signature schemes. In CRYPTO, 1984.
53. J. G. Steiner, B. C. Neuman, and J. I. Schiller. Kerberos: An authentication service for open network systems. In USENIX Winter, pages 191-202, 1988.
54. D. R. Stinson. Universal hashing and authentication codes. Design, Codes, and Cryptography, 4 (4):369-380, 1994.
55. A. S. Troelstra. Constructivism and proof theory.
56. X. Wang, Y. Yin, and H. Yu. Finding collisions in the full SHA-1. In CRYPTO, 2005.
57. M. N. Wegman and J. L. Carter. New hash functions and their use in authentication and set equality. Journal of Computer and System Sciences, 22:265-279, 1981.