Search For:

Displaying 1-13 out of 13 total
On Safety in Discretionary Access Control
Found in: Security and Privacy, IEEE Symposium on
By Ninghui Li, Mahesh V. Tripunitara
Issue Date:May 2005
pp. 96-109
An apparently prevailing myth is that safety is undecidable in Discretionary Access Control (DAC); therefore, one needs to invent new DAC schemes in which safety analysis is decidable. In this paper, we dispel this myth. We argue that DAC should not be equ...
 
Payments for Outsourced Computations
Found in: IEEE Transactions on Parallel and Distributed Systems
By Bogdan Carbunar,Mahesh V. Tripunitara
Issue Date:February 2012
pp. 313-320
With the recent advent of cloud computing, the concept of outsourcing computations, initiated by volunteer computing efforts, is being revamped. While the two paradigms differ in several dimensions, they also share challenges, stemming from the lack of tru...
 
Composing Kerberos and Multimedia Internet KEYing (MIKEY) for AuthenticatedTransport of Group Keys
Found in: IEEE Transactions on Parallel and Distributed Systems
By Jeffrey Lok Tin Woo,Mahesh V. Tripunitara
Issue Date:April 2014
pp. 898-907
We motivate and present two designs for the composition of the authentication protocol, Kerberos, and the key transport protocol, Multimedia Internet KEYing (MIKEY) for authenticated transport of cryptographic keys for secure group-communication in enterpr...
 
The Foundational Work of Harrison-Ruzzo-Ullman Revisited
Found in: IEEE Transactions on Dependable and Secure Computing
By Mahesh V. Tripunitara,Ninghui Li
Issue Date:January 2013
pp. 28-39
The work by Harrison, Ruzzo, and Ullman (the HRU paper) on safety in the context of the access matrix model is widely considered to be foundational work in access control. In this paper, we address two errors we have discovered in the HRU paper. To our kno...
 
Social Learning Applications in Resource Constrained Networks
Found in: Computational Science and Engineering, IEEE International Conference on
By Ali Saidi, Mahesh V. Tripunitara, Mojdeh Mohtashemi
Issue Date:August 2009
pp. 256-262
Efficient design of social networking applications must take account of two guiding principles: the adaptive processes by which humans learn and spread new information, and the communication and technological constraints that in turn define the boundaries ...
 
A Middleware Approach to Asynchronous and Backward Compatible Detection and Prevention of ARP Cache Poisoning
Found in: Computer Security Applications Conference, Annual
By Mahesh V. Tripunitara, Partha Dutta
Issue Date:December 1999
pp. 303
This paper discusses the Address Resolution Protocol (ARP) and the problem of ARP cache poisoning. ARP cache poisoning is the malicious act, by a host in a LAN, of introducing a spurious IP address to MAC (Ethernet) address mapping in another host's ARP ca...
 
An authorization scheme for version control systems
Found in: Proceedings of the 16th ACM symposium on Access control models and technologies (SACMAT '11)
By Hiren D. Patel, Mahesh V. Tripunitara, Sitaram Chamarty
Issue Date:June 2011
pp. 123-132
We present gitolite, an authorization scheme for Version Control Systems (VCSes). We have implemented it for the Git VCS. A VCS enables versioning, distributed collaboration and several other features, and is an important context for authorization and acce...
     
Efficient access enforcement in distributed role-based access control (RBAC) deployments
Found in: Proceedings of the 14th ACM symposium on Access control models and technologies (SACMAT '09)
By Bogdan Carbunar, Mahesh V. Tripunitara
Issue Date:June 2009
pp. 1-22
We address the distributed setting for enforcement of a centralized Role-Based Access Control (RBAC) protection state. We present a new approach for time- and space-efficient access enforcement. Underlying our approach is a data structure that we call a ca...
     
On mutually exclusive roles and separation-of-duty
Found in: ACM Transactions on Information and System Security (TISSEC)
By Mahesh V. Tripunitara, Ninghui Li, Ziad Bizri
Issue Date:May 2007
pp. 5-es
Separation-of-duty (SoD) is widely considered to be a fundamental principle in computer security. A static SoD (SSoD) policy states that in order to have all permissions necessary to complete a sensitive task, the cooperation of at least a certain number o...
     
Security analysis in role-based access control
Found in: ACM Transactions on Information and System Security (TISSEC)
By Mahesh V. Tripunitara, Ninghui Li
Issue Date:November 2006
pp. 391-420
The administration of large role-based access control (RBAC) systems is a challenging problem. In order to administer such systems, decentralization of administration tasks by the use of delegation is an effective approach. While the use of delegation grea...
     
Resiliency policies in access control
Found in: Proceedings of the 13th ACM conference on Computer and communications security (CCS '06)
By Mahesh V. Tripunitara, Ninghui Li, Qihua Wang
Issue Date:October 2006
pp. 113-123
We introduce the notion of resiliency policies in the context of access control systems. Such policies require an access control system to be resilient to the absence of users. An example resiliency policy requires that, upon removal of any s users, there ...
     
Comparing the expressive power of access control models
Found in: Proceedings of the 11th ACM conference on Computer and communications security (CCS '04)
By Mahesh V. Tripunitara, Ninghui Li
Issue Date:October 2004
pp. 62-71
Comparing the expressive power of access control models is recognized as a fundamental problem in computer security. Such comparisons are generally based on simulations between different access control schemes. However, the definitions for simulations that...
     
On mutually-exclusive roles and separation of duty
Found in: Proceedings of the 11th ACM conference on Computer and communications security (CCS '04)
By Mahesh V. Tripunitara, Ninghui Li, Ziad Bizri
Issue Date:October 2004
pp. 42-51
Separation of Duty (SoD) is widely considered to be a fundamental principle in computer security. A Static SoD (SSoD) policy states that in order to have all permissions necessary to complete a sensitive task, the cooperation of at least a certain number o...
     
 1