Compilers: principles, techniques, and tools
Compilers: principles, techniques, and tools
A calculus for access control in distributed systems
ACM Transactions on Programming Languages and Systems (TOPLAS)
Rippling: a heuristic for guiding inductive proofs
Artificial Intelligence
Finding Regular Simple Paths in Graph Databases
SIAM Journal on Computing
Identifying loops using DJ graphs
ACM Transactions on Programming Languages and Systems (TOPLAS)
Incremental computation of dominator trees
ACM Transactions on Programming Languages and Systems (TOPLAS)
Modern compiler implementation in Java: basic techniques
Modern compiler implementation in Java: basic techniques
A new, simpler linear-time dominators algorithm
ACM Transactions on Programming Languages and Systems (TOPLAS)
Graph-theoretic methods in database theory
PODS '90 Proceedings of the ninth ACM SIGACT-SIGMOD-SIGART symposium on Principles of database systems
Fast Algorithms for Solving Path Problems
Journal of the ACM (JACM)
Implementing a distributed firewall
Proceedings of the 7th ACM conference on Computer and communications security
A fast algorithm for finding dominators in a flowgraph
ACM Transactions on Programming Languages and Systems (TOPLAS)
Certification of programs for secure information flow
Communications of the ACM
Proceedings of the ACM SIGPLAN 2001 conference on Programming language design and implementation
Performance of Computer Communication Systems: A Model-Based Approach
Performance of Computer Communication Systems: A Model-Based Approach
On the Power of Subsumption and Context Checks
DISCO '90 Proceedings of the International Symposium on Design and Implementation of Symbolic Computation Systems
On SDSI's Linked Local Name Spaces
CSFW '97 Proceedings of the 10th IEEE workshop on Computer Security Foundations
ICSE '81 Proceedings of the 5th international conference on Software engineering
Testing flow graph reducibility
STOC '73 Proceedings of the fifth annual ACM symposium on Theory of computing
Distributed Authorization Using Delegation with Acyclic Paths
CSFW '06 Proceedings of the 19th IEEE workshop on Computer Security Foundations
| Hi-index | 0.00 |
Practical analysis tools for distributed authorization need to answer quickly and accurately the question: who can access this resource? DAP (Delegation with Acyclic Paths) is a distributed authorization framework (introduced in [17]) that tries to inter-operate better with standard PKI mechanisms while retaining some of the benefits of new trust management schemes. DAP has an acyclicity requirement which makes it more difficult to answer the question quickly. In this paper we use a technique borrowed from compiler optimization, dominator-tree problem decomposition, to overcome this limitation of DAP with a fast heuristic. We show through simulation the heuristic's performance in a realistic federated resource management scenario. We also show how this heuristic can be complemented by clone-analysis techniques that exploit similarities between principals to further improve performance. We are currently using the heuristic and clone-analysis in practice in a design/analysis security tool.