Communications of the ACM
A new protection mechanism is described that provides general primitives for protection and authentication. The mechanism is based on the idea of sealing an object with a key. Sealed objects are self-authenticating, and in the absence of an appropriate set of keys, only provide information about the size of their contents. New keys can be freely created at any time, and keys can also be derived from existing keys with operators that include Key-And and Key-Or. This flexibility allows the protection mechanism to implement common protection mechanisms such as capabilities, access control lists, and information flow control. The mechanism is enforced with a synthesis of conventional cryptography, public-key cryptography, and a threshold scheme.