The well-founded semantics for general logic programs
Journal of the ACM (JACM)
Undecidability of safety for the schematic protection model with cyclic creates
Journal of Computer and System Sciences
A calculus for access control in distributed systems
ACM Transactions on Programming Languages and Systems (TOPLAS)
Role-Based Access Control Models
Computer
The ARBAC97 model for role-based administration of roles
ACM Transactions on Information and System Security (TISSEC) - Special issue on role-based access control
Protection in operating systems
Communications of the ACM
backus normal form vs. Backus Naur form
Communications of the ACM
Improving the granularity of access control in Windows NT
SACMAT '01 Proceedings of the sixth ACM symposium on Access control models and technologies
Improving the granularity of access control for Windows 2000
ACM Transactions on Information and System Security (TISSEC)
Safety Analysis of the Dynamic-Typed Access Matrix Model
ESORICS '00 Proceedings of the 6th European Symposium on Research in Computer Security
Design of a Role-Based Trust-Management Framework
SP '02 Proceedings of the 2002 IEEE Symposium on Security and Privacy
Role-Based Access Control
Logic in Computer Science: Modelling and Reasoning about Systems
Logic in Computer Science: Modelling and Reasoning about Systems
On Safety in Discretionary Access Control
SP '05 Proceedings of the 2005 IEEE Symposium on Security and Privacy
Beyond proof-of-compliance: security analysis in trust management
Journal of the ACM (JACM)
Security analysis in role-based access control
ACM Transactions on Information and System Security (TISSEC)
Administration in role-based access control
ASIACCS '07 Proceedings of the 2nd ACM symposium on Information, computer and communications security
A theory for comparing the expressive power of access control models
Journal of Computer Security
Version Control with Subversion
Version Control with Subversion
Towards Formal Verification of Role-Based Access Control Policies
IEEE Transactions on Dependable and Secure Computing
Protection: principles and practice
AFIPS '72 (Spring) Proceedings of the May 16-18, 1972, spring joint computer conference
Specification and Analysis of Dynamic Authorisation Policies
CSF '09 Proceedings of the 2009 22nd IEEE Computer Security Foundations Symposium
Decentralized trust management
SP'96 Proceedings of the 1996 IEEE conference on Security and privacy
A linear logic of authorization and knowledge
ESORICS'06 Proceedings of the 11th European conference on Research in Computer Security
| Hi-index | 0.00 |
We present gitolite, an authorization scheme for Version Control Systems (VCSes). We have implemented it for the Git VCS. A VCS enables versioning, distributed collaboration and several other features, and is an important context for authorization and access control. Our main consideration behind the design of gitolite is the balance between expressive power, correctness and usability in realistic settings. We discuss our design of gitolite, and in particular the four user-classes in its delegation model, and the administrative actions a user at each class performs. We discuss also our ongoing work on expressing gitolite precisely in first-order logic, to thereby give it a precise semantics and establish correctness properties. gitolite has been adopted in open-source software development, university and industry settings. We discuss our experience with these deployments, and present some performance results related to access enforcement from a real deployment.