Technical Report series
TR home
TR search TR listserv
|
|
Dartmouth College Computer Science Technical Report series |
CS home TR home TR search TR listserv |
| By author: | A B C D E F G H I J K L M N O P Q R S T U V W Y Z | |
| By number: | 2008, 2007, 2006, 2005, 2004, 2003, 2002, 2001, 2000, 1999, 1998, 1997, 1996, 1995, 1994, 1993, 1992, 1991, 1990, 1989, 1988, 1987, 1986 | |
Abstract:
There is a recent trend toward rule-based authorization systems to achieve
flexible security policies. Also, new sensing technologies in pervasive
computing make it possible to define context-sensitive rules, such as ``allow
database access only to staff who are currently located in the main office.''
However, these rules, or the facts that are needed to verify authority, often
involve sensitive context information. This paper presents a secure
context-sensitive authorization system that protects confidential information in
facts or rules. Furthermore, our system allows multiple hosts in a distributed
environment to perform the evaluation of an authorization query in a
collaborative way; we do not need a universally trusted central host that
maintains all the context information. The core of our approach is to decompose
a proof for making an authorization decision into a set of sub-proofs produced
on multiple different hosts, while preserving the integrity and confidentiality
policies of the mutually untrusted principals operating these hosts. We prove
the correctness of our algorithm.
PDF (348KB)
Bibliographic citation for this report: [plain text] [BIB] [BibTeX] [Refer]
Or copy and paste:
Kazuhiro Minami and
David Kotz,
"Secure Context-sensitive Authorization."
Dartmouth Computer Science Technical Report TR2004-529,
December 2004.
Want to be notified about new tech reports? Join our mailing list.
Want to search our technical reports?
Want us to mail you a paper copy of a report? Send your address and the TR number to reports AT cs.dartmouth.edu
Copyright notice: The documents contained in this server are included by the contributing authors as a means to ensure timely dissemination of scholarly and technical work on a non-commercial basis. Copyright and all rights therein are maintained by the authors or by other copyright holders, notwithstanding that they have offered their works here electronically. It is understood that all persons copying this information will adhere to the terms and constraints invoked by each author's copyright. These works may not be reposted without the explicit permission of the copyright holder.