On Access Checking in Capability-Based Systems
IEEE Transactions on Software Engineering - Special issue on computer security and privacy
A calculus for access control in distributed systems
ACM Transactions on Programming Languages and Systems (TOPLAS)
REFEREE: trust management for Web applications
Selected papers from the sixth international conference on World Wide Web
On SDSI's linked local name spaces
Journal of Computer Security
Protection in operating systems
Communications of the ACM
Programming semantics for multiprogrammed computations
Communications of the ACM
Capability-Based Computer Systems
Capability-Based Computer Systems
On the Expressive Power of the Unary Transformation Model
ESORICS '94 Proceedings of the Third European Symposium on Research in Computer Security
KeyNote: Trust Management for Public-Key Infrastructures (Position Paper)
Proceedings of the 6th International Workshop on Security Protocols
Compliance Checking in the PolicyMaker Trust Management System
FC '98 Proceedings of the Second International Conference on Financial Cryptography
A Logic for SDSI's Linked Local Name Spaces: Preliminary Version
CSFW '99 Proceedings of the 12th IEEE workshop on Computer Security Foundations
CSFW '00 Proceedings of the 13th IEEE workshop on Computer Security Foundations
SP '92 Proceedings of the 1992 IEEE Symposium on Security and Privacy
On the Minimality of Testing for Rights in Transformation Models
SP '94 Proceedings of the 1994 IEEE Symposium on Security and Privacy
Decentralized Trust Management
SP '96 Proceedings of the 1996 IEEE Symposium on Security and Privacy
Expressive power of access control models based on propagation of rights
Expressive power of access control models based on propagation of rights
The multics system: an examination of its structure
The multics system: an examination of its structure
File handling at Cambridge University
AFIPS '67 (Spring) Proceedings of the April 18-20, 1967, spring joint computer conference
Dynamic access control: preserving safety and trust for network defense operations
Proceedings of the eighth ACM symposium on Access control models and technologies
Beyond Proof-of-Compliance: Safety and Availability Analysis in Trust Management
SP '03 Proceedings of the 2003 IEEE Symposium on Security and Privacy
Comparing the expressive power of access control models
Proceedings of the 11th ACM conference on Computer and communications security
Beyond proof-of-compliance: security analysis in trust management
Journal of the ACM (JACM)
A theory for comparing the expressive power of access control models
Journal of Computer Security
An efficient and transparent transaction management based on the data workflow of HVEM DataGrid
CLADE '08 Proceedings of the 6th international workshop on Challenges of large applications in distributed environments
Security rules versus security properties
ICISS'10 Proceedings of the 6th international conference on Information systems security
An auto-delegation mechanism for access control systems
STM'10 Proceedings of the 6th international conference on Security and trust management
Discretionary capability confinement
ESORICS'06 Proceedings of the 11th European conference on Research in Computer Security
Formal specification and validation of security policies
FPS'11 Proceedings of the 4th Canada-France MITACS conference on Foundations and Practice of Security
Risk-Based auto-delegation for probabilistic availability
DPM'11 Proceedings of the 6th international conference, and 4th international conference on Data Privacy Management and Autonomous Spontaneus Security
The need for application-aware access control evaluation
Proceedings of the 2012 workshop on New security paradigms
On the suitability of dissemination-centric access control systems for group-centric sharing
Proceedings of the 4th ACM conference on Data and application security and privacy
| Hi-index | 0.00 |
Abstract: We use a state-transition approach to analyze and compare the core access control mechanisms that are characteristic of a variety of trust management, access control list, and capability-based systems. The framework, which characterizes the set of rights a subject has over an object after any sequence of actions, is based on abstract system states, state transitions, and logical deduction of access control judgments. We present abstract models representing the access control portion of trust management, access control lists, and two versions of capabilities, proving various correspondence and simulation relations between these models. The main results include an equivalence between access control lists (ACLs) and capabilities viewed as rows of the Lampson access matrix and the (proper) subsumption of a form of ACLs by an "unforgeable reference" form of capabilities. The access control mechanism at the heart of distributed trust management systems is formally shown to provide a tractable compromise between unrestricted capability passing from the capability models and easy revocation provided by access control lists. The underlying simulations show how trust management compares with more established access control mechanisms, independent of features such as local name spaces and certificate authorization hierarchies.