On generalized authorization problems

Proceedings of the Computer Security Foundations Workshop

Volumn 2003-January, Issue , 2003, Pages 202-216

  Schwoon, S ^a   Jha, S ^b   Reps, T ^b   Stubblebine, S ^c  

^a UNIVERSITY OF STUTTGART   (Germany)

^b University of Wisconsin Madison   (United States)

^c Stubblebine Research Labs LLC   (United States)

Author keywords

Access control; Authentication; Authorization; Contracts; Government; Privacy; Public key; Resource management; Security; Specification languages

Indexed keywords

ACCESS CONTROL; ALGORITHMS; CONTRACTS; DATA PRIVACY; PROBLEM SOLVING; SECURITY OF DATA; SECURITY SYSTEMS; SPECIFICATION LANGUAGES;

AUTHORIZATION; GOVERNMENT; PUBLIC KEYS; RESOURCE MANAGEMENT; SECURITY;

AUTHENTICATION;

EID: 84942241879     PISSN: 10636900     EISSN: None     Source Type: Conference Proceeding    
DOI: 10.1109/CSFW.2003.1212714     Document Type: Conference Paper

References (50)

1. A. Aho, R. Sethi, and J. Ullman. Compilers: Principles, Techniques and Tools. Addison-Wesley, 1985.
2. R. Alur, K. Etessami, and M. Yannakakis. Analysis of recursive state machines. In Proc. Computer-Aided Verif., July 2001.
3. A. Appel and E. Felten. Proof-carrying authentication. In Conf. on Comp. and Commun. Sec., Nov. 1999.
4. T. Aura and C. Ellison. Privacy and accountability in certificate systems. Res. Rep. A61, Helsinki Univ. of Tech., Espoo, Finland, Apr. 2000.
5. D. Bell and L. LaPadula. Secure computer system: Unified exposition and Multics interpretation. Technical Report ESD-TR-75-306, MITRE Corp. MTR-2997, Bedford, MA. Available as NTIS AD-A023 588.
6. M. Benedikt, P. Godefroid, and T. Reps. Model checking of unrestricted hierarchical state machines. In ICALP '01, 2001.
7. T. Beth, M. Borcherding, and B. Klein. Valuation of trust in open networks. In Computer Security - ESORICS '94, volume 875 of Lec. Notes in Comp. Sci., pages 3-18. Springer-Verlag, 1994.
8. M. Blaze, J. Feigenbaum, J. Ioannidis, and A. Keromytis. The KeyNote trust-management system version 2. RFC 2704, Sept. 1999.
9. M. Blaze, J. Feigenbaum, J. Ioannidis, and A. Keromytis. The role of trust management in distributed systems security. In Vitek and Jensen, editors, Secure Internet Programming: Security Issues for Mobile and Distributed Objects, pages 185-210, 1999. LNCS 1603.
10. A. Bley. On the complexity of vertex-disjoint length restricted path problems. Tech. Rep. SC-98-20, Konrad-Zuse-Zentrum für Informationstechnik, Berlin, Ger., 1998.
11. A. Bouajjani, J. Esparza, and O. Maler. Reachability analysis of pushdown automata: Application to model checking. In Proc. CONCUR, volume 1243 of Lec. Notes in Comp. Sci., pages 135-150. Springer-Verlag, 1997.
12. A. Bouajjani, J. Esparza, and T. Touili. A generic approach to the static analysis of concurrent programs with procedures. pages 62-73, 2003.
13. D. Brewer and M. Nash. The Chinese wall security policy. In Symp. on Sec. and Privacy, pages 206-214, 1989.
14. H. Chen and D. Wagner. MOPS: An infrastructure for examining security properties of software. In Conf. on Comp. and Commun. Sec., November 2002.
15. Y.-H. Chu, J. Feigenbaum, B. LaMacchia, P. Resnick, and M. Strauss. REFEREE: Trust management for Web applications. Computer Networks and ISDN Systems, 29(8-13):953-964, Sept. 1997.
16. D. Clarke, J.-E. Elien, C. Ellison, M. Fredette, A. Morcos, and R. Rivest. Certificate chain discovery in SPKI/SDSI. JCS, 9, 2001.
17. D. Denning. A lattice model of secure information flow. Communications of the ACM, 19(5), 1976.
18. J. DeTreville. Binder, a logic-based security language. In Symp. on Res. in Sec. and Privacy, Oakland, CA, May 2002. IEEE Computer Society Press.
19. C. Ellison, B. Frantz, B. Lampson, R. L. Rivest, B. Thomas, and T. Ylonen. SPKI certificate theory. RFC 2693, Sept. 1999.
20. J. Esparza, D. Hansel, P. Rossmanith, and S. Schwoon. Efficient algorithms for model checking pushdown systems. In Proc. Computer-Aided Verif., volume 1855 of Lec. Notes in Comp. Sci., pages 232-247, July 2000.
21. J. Esparza, A. Kučera, and S. Schwoon. Model-checking LTL with regular valuations for pushdown systems. In Proceedings of TACAS'01, volume 2031 of LNCS, pages 306-339. Springer, 2001.
22. J. Halpern and R. van der Meyden. A logical reconstruction of SPKI. In Comp. Sec. Found. Workshop, pages 59-70, 2001.
23. T. Jensen, D. Le Metayer, and T. Thorn. Verification of control flow based security properties. In 1999 IEEE Symposium on Security and Privacy, May 1999.
24. S. Jha and T. Reps. Analysis of SPKI/SDSI certificates using model checking. In IEEE Comp. Sec. Found. Workshop (CSFW). IEEE Computer Society Press, 2002.
25. A. Jsang. An algebra for assessing trust in certification chains. In J. Kochmar, editor, Proceedings of the Network and Distributed Systems Security Symposium (NDSS'99), 1999.
26. J. Knoop and B. Steffen. The interprocedural coincidence theorem. In Int. Conf. on Comp. Construct., pages 125-140, 1992.
27. D. Knuth. A generalization of Dijkstra's algorithm. Inf. Proc. Let., 5(1):1-5, 1977.
28. R. Kohlas and U. Maurer. Confidence valuation in a public-key infrastructure based on uncertain evidence. In Public Key Cryptography, pages 93-112, 2000.
29. B. Lampson, M. Abadi, M. Burrows, and E. Wobber. Authentication in distributed systems: Theory and practice. Trans. on Comp. Syst,, 10(4):265-310, 1992.
30. N. Li, W. Winsborough, and J. Mitchell. Distributed credential chain discovery in trust management. To appear in J. Comp. Sec..
31. U. Maurer. Modeling a public-key infrastructure. In Computer Security - ESORICS '96, volume 1146 of Lec. Notes in Comp. Sci. Springer-Verlag, 1996.
32. Y. Perl and D. Ronen. Heuristics for finding a maximum number of disjoint bounded paths. Networks, 14:531-544, 1984.
33. F. Pfenning and C. Schürmann. System description: Twelf - a meta-logical framework for deductive systems. In H. Ganzinger, editor, Int. Conf. on Auto. Deduc., pages 202-206. Springer-Verlag, LNAI 1632, July 1999.
34. G. Ramalingam. Bounded Incremental Computation, volume 1089 of Lec. Notes in Comp. Sci. Springer-Verlag, 1996.
35. M. Reiter and S. Stubblebine. Resilient authentication using path independence. Trans. on Computers, 47(12):1351-1362, Dec. 1998.
36. M. Reiter and S. Stubblebine. Authentication metric analysis and design. Trans. on Inf. and Syst. Sec., 2(2), May 1999.
37. T. Reps, S. Horwitz, and M. Sagiv. Precise interprocedural dataflow analysis via graph reachability. In Symp. on Princ. of Prog. Lang., pages 49-61, New York, NY, 1995. ACM Press.
38. T. Reps, S. Schwoon, and S. Jha. Weighted pushdown systems and their application to interprocedural dataflow analysis. In 10th International Static Analysis Symposium (SAS), 2003.
39. R. Rivest. Can we eliminate certificate revocation lists? In R. Hirschfeld, editor, Financial Cryptography, pages 178-183, Feb. 1998.
40. G. Rote. Path problems in graphs. In G. Tinhofer, E. Mayr, H. Noltemeier, and M.M. Syslo (eds.) in cooperation with R. Albrecht, Computational Graphs Theory, Springer-Verlag Computing Supplementum 7. 1990.
41. M. Sagiv, T. Reps, and S. Horwitz. Precise interprocedural dataflow analysis with applications to constant propagation. Theor. Comp. Sci., 167:131-170, 1996.
42. S. Schwoon. WPDS - a library for Weighted Pushdown Systems, 2003. http://www7.in.tum.de/~schwoon/moped.
43. M. Sharir and A. Pnueli. Two approaches to interprocedural data flow analysis. In S. Muchnick and N. Jones, editors, Program Flow Analysis: Theory and Applications, chapter 7, pages 189-234. Prentice-Hall, Englewood Cliffs, NJ, 1981.
44. S. Stubblebine. Recent-secure authentication: Enforcing revocation in distributed systems. In Symp. on Research in Sec. and Privacy, pages 224-234, May 1995.
45. S. Stubblebine and R. Wright. An authentication logic with formal semantics supporting synchronization, revocation, and recency. Trans. on Softw. Eng., 28(3), Mar. 2002.
46. U. Möencke and R. Wilhelm. Grammar flow analysis. In H. Alblas and B. Melichar, editors, Attribute Grammars, Applications and Systems, volume 545 of Lec. Notes in Comp. Sci., pages 151-186, Prague, Czechoslovakia, June 1991. Springer-Verlag.
47. I. T. Union. ITU-T recommendation X.509 (08/97) - information technology - open systems interconnection - the directory: Authentication framework, Aug. 1997.
48. U.S. Department of Defense. DoD Trusted Computer System Evaluation Criteria (DOD 5200.28-STD). 1985.
49. S. Weeks. Understanding trust management systems. In Symp. on Res. in Sec. and Privacy, Oakland, CA, May 2001. IEEE Computer Society Press.
50. P. Zimmermann. The Official PGP User's Guide. MIT Press, Cambridge, 1995.