
TC: Small: Towards precise specification of logic-based access-control policies

$479,649 · FY2010 · CSE · NSF

Carnegie Mellon University, Pittsburgh PA

Investigators

Abstract

Today's computing environments are characterized by an ongoing dramatic increase in connectivity and data sharing. A critical concern in this setting is access control---the ability to easily and quickly allow access to authorized users or devices, while preventing misuse, unauthorized access, and violations of privacy. Two common pitfalls in many approaches to access control are (1) their inability to support highly flexible access-control policies while avoiding unintended side effects and (2) difficulty in usefully differentiating between all the authority that a user might need and the minimal authority that she requires to perform a specific task. Both these shortcomings prevent systems from enforcing exactly the policies that users desire and thereby increase the danger of misuse and the costs of compromise. This award supports the design and implementation of mechanisms that make it possible to specify and enforce security policies that more precisely limit the amount of authority that is conveyed to users or devices. More specifically, new mechanisms will be developed to enable restricting the circumstances under which the authority to access a resource can be used, and to allow administrators to specify these restrictions as constraints on policies. At the same time, new methods will be developed to distinguish between the total authority that is conveyed to a user and the subset of that authority that she may exercise at a specific moment. These improvements will be carried out in the context of logic-based access control, an approach that offers significant benefits in terms of flexibility and assurance of correctness.
