enter search term and/or author name
Detecting and resolving policy misconfigurations in access-control systems
Lujo Bauer, Scott Garriss, Michael K. Reiter
Article No.: 2
Access-control policy misconfigurations that cause requests to be erroneously denied can result in wasted time, user frustration, and, in the context of particular applications (e.g., health care), very severe consequences. In this article we...
Authorization recycling in hierarchical RBAC systems
Qiang Wei, Jason Crampton, Konstantin Beznosov, Matei Ripeanu
Article No.: 3
As distributed applications increase in size and complexity, traditional authorization architectures based on a dedicated authorization server become increasingly fragile because this decision point represents a single point of failure and a...
This article presents a hierarchy of privacy notions that covers multiple anonymity and unlinkability variants. The underlying definitions, which are based on the idea of indistinguishability between two worlds, provide new insights into the...
Robust and efficient authentication of video stream broadcasting
Gabriele Oligeri, Stefano Chessa, Roberto Di Pietro, Gaetano Giunta
Article No.: 5
We present a novel video stream authentication scheme which combines signature amortization by means of hash chains and an advanced watermarking technique. We propose a new hash chain construction, the Duplex Hash Chain, which allows us to achieve...
Cross-application data provenance and policy enforcement
Article No.: 6
We present a new technique that can trace data provenance and enforce data access policies across multiple applications and machines. We have developed Garm, a tool that uses binary rewriting to implement this technique on arbitrary binaries....
Practical defenses against pollution attacks in wireless network coding
Jing Dong, Reza Curtmola, Cristina Nita-Rotaru
Article No.: 7
Recent studies have shown that network coding can provide significant benefits to network protocols, such as increased throughput, reduced network congestion, higher reliability, and lower power consumption. The core principle of network coding is...
Nexus authorization logic (NAL): Design rationale and applications
Fred B. Schneider, Kevin Walsh, Emin Gün Sirer
Article No.: 8
Nexus Authorization Logic (NAL) provides a principled basis for specifying and reasoning about credentials and authorization policies. It extends prior access control logics that are based on “says” and “speaks for”...
Access control via belnap logic: Intuitive, expressive, and analyzable policy composition
Glenn Bruns, Michael Huth
Article No.: 9
Access control to IT systems increasingly relies on the ability to compose policies. Hence there is benefit in any framework for policy composition that is intuitive, formal (and so “analyzable” and “implementable”),...
Access controls for oblivious and anonymous systems
Scott E. Coull, Matthew Green, Susan Hohenberger
Article No.: 10
The use of privacy-enhancing cryptographic protocols, such as anonymous credentials and oblivious transfer, could have a detrimental effect on the ability of providers to effectively implement access controls on their content. In this article, we...
Lightweight RFID authentication with forward and backward security
Mike Burmester, Jorge Munilla
Article No.: 11
We propose a lightweight RFID authentication protocol that supports forward and backward security. The only cryptographic mechanism that this protocol uses is a pseudorandom number generator (PRNG) that is shared with the backend Server....
Remote data checking using provable data possession
Giuseppe Ateniese, Randal Burns, Reza Curtmola, Joseph Herring, Osama Khan, Lea Kissner, Zachary Peterson, Dawn Song
Article No.: 12
We introduce a model for provable data possession (PDP) that can be used for remote data checking: A client that has stored data at an untrusted server can verify that the server possesses the original data without retrieving it. The model...
False data injection attacks against state estimation in electric power grids
Yao Liu, Peng Ning, Michael K. Reiter
Article No.: 13
A power grid is a complex system connecting electric power generators to consumers through power transmission and distribution networks across a large geographical area. System monitoring is necessary to ensure the reliable operation of power...
Practical and efficient cryptographic enforcement of interval-based access control policies
Article No.: 14
The enforcement of access control policies using cryptography has received considerable attention in recent years and the security of such enforcement schemes is increasingly well understood. Recent work in the area has considered the efficient...