A calculus for access control in distributed systems
ACM Transactions on Programming Languages and Systems (TOPLAS)
Authentication in the Taos operating system
ACM Transactions on Computer Systems (TOCS) - Special issue on operating systems principles
TrustedBSD: Adding Trusted Operating System Features to FreeBSD
Proceedings of the FREENIX Track: 2001 USENIX Annual Technical Conference
Constraint Databases: A Survey
Selected Papers from a Workshop on Semantics in Databases
HOTOS '01 Proceedings of the Eighth Workshop on Hot Topics in Operating Systems
Continuous Verification by Discrete Reasoning
Continuous Verification by Discrete Reasoning
Policy Languages for Digital Identity Management in Federation Systems
POLICY '06 Proceedings of the Seventh IEEE International Workshop on Policies for Distributed Systems and Networks
Towards a declarative language and system for secure networking
NETB'07 Proceedings of the 3rd USENIX international workshop on Networking meets databases
Formal analysis and systematic construction of two-factor authentication scheme (short paper)
ICICS'06 Proceedings of the 8th international conference on Information and Communications Security
Responding to Anomalous Database Requests
SDM '08 Proceedings of the 5th VLDB workshop on Secure Data Management
Runtime adaptive multi-factor authentication for mobile devices
IBM Journal of Research and Development
Hi-index | 0.00 |
This paper develops a language and a reference architecture supporting the management and enforcement of authentication policies. Such language directly supports multi-factor authentication and the high level specification of authentication factors, in terms of conditions against the features of the various authentication mechanisms and modules. In addition the language supports a rich set of constraints; by using these constraints, one can specify for example that a subject must be authenticated by two credentials issued by different authorities. The paper presents a logical definition of the language and its corresponding XML encoding. It also reports an implementation of the proposed authentication system in the context of the FreeBSD Unix operating system (OS). Critical issues in the implementation are discussed and performance results are reported. These results show that the implementation is very efficient.