Distributed Proving in Access-Control Systems

Lujo Bauer; Scott Garriss; Michael K. Reiter

doi:10.1109/SP.2005.9

S
SP
2005
2005 IEEE Symposium on Security and Privacy (S&P'05)
Abstract - Distributed Proving in Access-Control Systems

	This Article
	Subscribers, please Login Purchase article: $19 PDF IEEE Xplore Subscribers RSS feed
	Share
	Email this Article to a friend
	Bibliographic References
	ASCII Text BibTex RefWorks Procite/RefMan/EndNote
	Add to:
	Digg Furl Spurl Blink Simpy Google Del.icio.us Y!MyWeb
	Search
	Similar Articles Articles by Lujo Bauer Articles by Scott Garriss Articles by Michael K. Reiter

2005 IEEE Symposium on Security and Privacy (S&P'05)

Distributed Proving in Access-Control Systems

Oakland, California

May 08-May 11

ISBN: 0-7695-2339-0

	ASCII Text	x
	Lujo Bauer, Scott Garriss, Michael K. Reiter, "Distributed Proving in Access-Control Systems," Security and Privacy, IEEE Symposium on, pp. 81-95, 2005 IEEE Symposium on Security and Privacy (S&P'05), 2005.

	BibTex	x
	@article{ 10.1109/SP.2005.9, author = {Lujo Bauer and Scott Garriss and Michael K. Reiter}, title = {Distributed Proving in Access-Control Systems}, journal ={Security and Privacy, IEEE Symposium on}, volume = {0}, year = {2005}, issn = {1081-6011}, pages = {81-95}, doi = {http://doi.ieeecomputersociety.org/10.1109/SP.2005.9}, publisher = {IEEE Computer Society}, address = {Los Alamitos, CA, USA}, }

	RefWorks Procite/RefMan/Endnote	x
	TY - CONF JO - Security and Privacy, IEEE Symposium on TI - Distributed Proving in Access-Control Systems SN - 1081-6011 SP81 EP95 A1 - Lujo Bauer, A1 - Scott Garriss, A1 - Michael K. Reiter, PY - 2005 KW - null VL - 0 JA - Security and Privacy, IEEE Symposium on ER -

Lujo Bauer, CyLab, Carnegie Mellon University

Scott Garriss, Carnegie Mellon University

Michael K. Reiter, CyLab, Carnegie Mellon University

DOI Bookmark: http://doi.ieeecomputersociety.org/10.1109/SP.2005.9

We present a distributed algorithm for assembling a proof that a request satisfies an access-control policy expressed in a formal logic, in the tradition of Lampson et al. We show analytically that our distributed proof-generation algorithm succeeds in assembling a proof whenever a centralized prover utilizing remote certificate retrieval would do so. In addition, we show empirically that our algorithm outperforms centralized approaches in various measures of performance and usability, notably the number of remote requests and the number of user interruptions. We show that when combined with additional optimizations including caching and automatic tactic generation, which we introduce here, our algorithm retains its advantage, while achieving practical performance. Finally, we briefly describe the utilization of these algorithms as the basis for an access-control framework being deployed for use at our institution.

Citation:

Lujo Bauer, Scott Garriss, Michael K. Reiter, "Distributed Proving in Access-Control Systems," sp, pp.81-95, 2005 IEEE Symposium on Security and Privacy (S&P'05), 2005

Peer Review Notice | Give Us Feedback

Usage of this product signifies your acceptance of the Terms of Use.