Identity-based cryptosystems and signature schemes
Proceedings of CRYPTO 84 on Advances in cryptology
Use of elliptic curves in cryptography
Lecture notes in computer sciences; 218 on Advances in cryptology---CRYPTO 85
Logic programming in the LF logical framework
Logical frameworks
A calculus for access control in distributed systems
ACM Transactions on Programming Languages and Systems (TOPLAS)
Authentication in the Taos operating system
SOSP '93 Proceedings of the fourteenth ACM symposium on Operating systems principles
Universal hashing and authentication codes
Designs, Codes and Cryptography
Proceedings of the 24th ACM SIGPLAN-SIGACT symposium on Principles of programming languages
Separating key management from file system security
Proceedings of the seventeenth ACM symposium on Operating systems principles
CCS '99 Proceedings of the 6th ACM conference on Computer and communications security
CADE-11 Proceedings of the 11th International Conference on Automated Deduction: Automated Deduction
A General and Flexible Access-Control System for the Web
Proceedings of the 11th USENIX Security Symposium
Efficient Representation and Validation of Proofs
LICS '98 Proceedings of the 13th Annual IEEE Symposium on Logic in Computer Science
LICS '03 Proceedings of the 18th Annual IEEE Symposium on Logic in Computer Science
Binder, a Logic-Based Security Language
SP '02 Proceedings of the 2002 IEEE Symposium on Security and Privacy
Computer
Distributed Proving in Access-Control Systems
SP '05 Proceedings of the 2005 IEEE Symposium on Security and Privacy
Labels and event processes in the asbestos operating system
Proceedings of the twentieth ACM symposium on Operating systems principles
Access Control in a Core Calculus of Dependency
Electronic Notes in Theoretical Computer Science (ENTCS)
VXA: a virtual architecture for durable compressed archives
FAST'05 Proceedings of the 4th conference on USENIX Conference on File and Storage Technologies - Volume 4
OSDI'00 Proceedings of the 4th conference on Symposium on Operating System Design & Implementation - Volume 4
Do As I SaY! Programmatic Access Control with Explicit Identities
CSF '07 Proceedings of the 20th IEEE Computer Security Foundations Symposium
Persistent personal names for globally connected mobile devices
OSDI '06 Proceedings of the 7th symposium on Operating systems design and implementation
Badger – a fast and provably secure MAC
ACNS'05 Proceedings of the Third international conference on Applied Cryptography and Network Security
Finding collisions in the full SHA-1
CRYPTO'05 Proceedings of the 25th annual international conference on Advances in Cryptology
A linear logic of authorization and knowledge
ESORICS'06 Proceedings of the 11th European conference on Research in Computer Security
Vx32: lightweight user-level sandboxing on the x86
ATC'08 USENIX 2008 Annual Technical Conference on Annual Technical Conference
Variations in Access Control Logic
DEON '08 Proceedings of the 9th international conference on Deontic Logic in Computer Science
ESORICS '08 Proceedings of the 13th European Symposium on Research in Computer Security: Computer Security
A logic for authorization provenance
ASIACCS '10 Proceedings of the 5th ACM Symposium on Information, Computer and Communications Security
Policy-based access control for weakly consistent replication
Proceedings of the 5th European conference on Computer systems
A modal deconstruction of access control logics
FOSSACS'08/ETAPS'08 Proceedings of the Theory and practice of software, 11th international conference on Foundations of software science and computational structures
A constructive conditional logic for access control: a preliminary report
Proceedings of the 2010 conference on ECAI 2010: 19th European Conference on Artificial Intelligence
Nexus authorization logic (NAL): Design rationale and applications
ACM Transactions on Information and System Security (TISSEC)
A conditional constructive logic for access control and its sequent calculus
TABLEAUX'11 Proceedings of the 20th international conference on Automated reasoning with analytic tableaux and related methods
Logical attestation: an authorization architecture for trustworthy computing
SOSP '11 Proceedings of the Twenty-Third ACM Symposium on Operating Systems Principles
Belief semantics of authorization logic
Proceedings of the 2013 ACM SIGSAC conference on Computer & communications security
Extensible policy framework for heterogeneous network environments
International Journal of Information and Computer Security
Toward strong, usable access control for shared distributed data
FAST'14 Proceedings of the 12th USENIX conference on File and Storage Technologies
Hi-index | 0.00 |
Traditional Public Key Infrastructures (PKI) have not lived up to their promise because there are too many ways to define PKIs, too many cryptographic primitives to build them with, and too many administrative domains with incompatible roots of trust. Alpaca is an authentication and authorization framework that embraces PKI diversity by enabling one PKI to "plug in" another PKI's credentials and cryptographic algorithms, allowing users of the latter to authenticate themselves to services using the former using their existing, unmodified certificates. Alpaca builds on Proof-Carrying Authorization (PCA), expressing a credential as an explicit proof of a logical claim. Alpaca generalizes PCA to express not only delegation policies but also the cryptographic primitives, credential formats, and namespace structures needed to use foreign credentials directly. To achieve this goal, Alpaca introduces a method of creating and naming new principals which behave according to arbitrary rules, a modular approach to logical axioms, and a domain-specific language specialized for reasoning about authentication. We have implemented Alpaca as a Python module that assists applications in generating proofs (e.g., in a client requesting access to a resource), and in verifying those proofs via a compact 800-line TCB (e.g., in a server providing that resource). We present examples demonstrating Alpaca's extensibility in scenarios involving inter-organization PKI interoperability and secure remote PKI upgrade.