Auth-SL: a system for the specification and enforcement of quality-based authentication policies

Authors:
Anna C. Squicciarini;Abhilasha Bhargav-Spantzel;Elisa Bertino;Alexei B. Czeksis
Affiliations:
Department of Computer Science, Purdue University;Department of Computer Science, Purdue University;Department of Computer Science, Purdue University;Department of Computer Science, Purdue University
Venue:
ICICS'07 Proceedings of the 9th international conference on Information and communications security
Year:
2007

Citing 9
Cited 2

A calculus for access control in distributed systems

ACM Transactions on Programming Languages and Systems (TOPLAS)
Authentication in the Taos operating system

ACM Transactions on Computer Systems (TOCS) - Special issue on operating systems principles
TrustedBSD: Adding Trusted Operating System Features to FreeBSD

Proceedings of the FREENIX Track: 2001 USENIX Annual Technical Conference
Constraint Databases: A Survey

Selected Papers from a Workshop on Semantics in Databases
Authentication Confidences

HOTOS '01 Proceedings of the Eighth Workshop on Hot Topics in Operating Systems
Continuous Verification by Discrete Reasoning

Continuous Verification by Discrete Reasoning
Policy Languages for Digital Identity Management in Federation Systems

POLICY '06 Proceedings of the Seventh IEEE International Workshop on Policies for Distributed Systems and Networks
Towards a declarative language and system for secure networking

NETB'07 Proceedings of the 3rd USENIX international workshop on Networking meets databases
Formal analysis and systematic construction of two-factor authentication scheme (short paper)

ICICS'06 Proceedings of the 8th international conference on Information and Communications Security

Responding to Anomalous Database Requests

SDM '08 Proceedings of the 5th VLDB workshop on Secure Data Management
Runtime adaptive multi-factor authentication for mobile devices

IBM Journal of Research and Development

Quantified Score

Hi-index	0.00

Visualization

Abstract

This paper develops a language and a reference architecture supporting the management and enforcement of authentication policies. Such language directly supports multi-factor authentication and the high level specification of authentication factors, in terms of conditions against the features of the various authentication mechanisms and modules. In addition the language supports a rich set of constraints; by using these constraints, one can specify for example that a subject must be authenticated by two credentials issued by different authorities. The paper presents a logical definition of the language and its corresponding XML encoding. It also reports an implementation of the proposed authentication system in the context of the FreeBSD Unix operating system (OS). Critical issues in the implementation are discussed and performance results are reported. These results show that the implementation is very efficient.