    Fred Spiessens

    VITO, Energy, Department Member
    Classic Take-Grant Protection Systems model Capability based security systems too crudely for many practical purposes. We analyze the reason for this weakness, and conclude that a formalism that uses graph rewriting to model Capability Systems needs rules to express transformations on graphs with labeled vertices, in addition to labeled arcs. We compare Take-Grant Systems to the Protection Systems proposed in 1976 by Harrison, Ruzzo and Ullman, and synthesize a new formalism of "Authority Reduction Systems" that combines the strengths of both. The novel formalism can not only model rich Capability based systems and Access Matrix based systems but also new "mixed" systems. We define a subclass of "Saturated" Authority Reduction Systems for which the safety problem is decidable. Some initial examples show that the formalism is capable of modeling interesting and non-trivial systems.
    Abstract. When practicing secure programming, it is important to understand the restrictive influence programmed entities have on the propagation of authority in a program. To precisely model authority propagation in patterns of interacting entities, we have generalized an earlier formalism [SV05b] into “Knowledge behaviour Models” (KBM). To describe such patterns, we present a new domain specific declarative language SCOLL (Safe Collaboration
    The design and implementation of a capability secure multi-paradigm language should be guided from its conception by proven principles of secure language design. In this position paper we present the Oz-E project, aimed at building an Oz-like secure language, named in tribute to E [MMF00] and its designers and users, who contributed greatly to the ideas presented here. We synthesize the principles for secure language design from the experiences with the capability-secure language E and the W7 kernel for Scheme 48 [Ree96]. These principles will be used as primary guidelines during the project. We propose a layered structure for Oz-E and discuss some important security concerns, without aiming for completeness at this early stage.