... credential. An initial contribution of this thesis is the first published empirical evaluatio... more ... credential. An initial contribution of this thesis is the first published empirical evaluation of the state-of-the-art protocol of Frikken, Atallah, and Li for access control with hidden ... 10 3.0 THE SOLUTION OF FRIKKEN, ATALLAH, AND LI . . . . . 12 ...
In distributed proof construction systems, information re- lease policies can make it unlikely th... more In distributed proof construction systems, information re- lease policies can make it unlikely that any single node in the system is aware of the complete structure of any particular proof tree. This property makes it difficult for queriers to determine whether the proofs constructed us- ing these protocols sampled a consistent snapshot of the system state; this has previously been shown to have dire consequences in decentralized authorization systems. Un- fortunately, the consistency enforcement solutions pre- sented in previous work were designed for systems in which only information encoded in certificates issued by certificate authorities is used during the decision-making process. Further, they assume that each piece of certified evidence used during proof construction is available to the decision-making node at runtime. In this paper, we generalize these previous results and present lightweight mechanisms through which consis- tency constraints can be enforced in proof systems in which the full details of a proof may be unavailable to the querier and the existence of certificate authorities for certifying evidence is unlikely; these types of distributed proof systems are likely candidates for use in pervasive computing and sensor network environments. We present modifications to one such distributed proof system that enable two types of consistency constraints to be en- forced while still respecting the same confidentiality and integrity policies as the original proof system. Further, we present the details of a performance analysis conducted to illustrate the modest overheads (less than 30%) of consis- tency enforcement on distributed proof construction.
... credential. An initial contribution of this thesis is the first published empirical evaluatio... more ... credential. An initial contribution of this thesis is the first published empirical evaluation of the state-of-the-art protocol of Frikken, Atallah, and Li for access control with hidden ... 10 3.0 THE SOLUTION OF FRIKKEN, ATALLAH, AND LI . . . . . 12 ...
In distributed proof construction systems, information re- lease policies can make it unlikely th... more In distributed proof construction systems, information re- lease policies can make it unlikely that any single node in the system is aware of the complete structure of any particular proof tree. This property makes it difficult for queriers to determine whether the proofs constructed us- ing these protocols sampled a consistent snapshot of the system state; this has previously been shown to have dire consequences in decentralized authorization systems. Un- fortunately, the consistency enforcement solutions pre- sented in previous work were designed for systems in which only information encoded in certificates issued by certificate authorities is used during the decision-making process. Further, they assume that each piece of certified evidence used during proof construction is available to the decision-making node at runtime. In this paper, we generalize these previous results and present lightweight mechanisms through which consis- tency constraints can be enforced in proof systems in which the full details of a proof may be unavailable to the querier and the existence of certificate authorities for certifying evidence is unlikely; these types of distributed proof systems are likely candidates for use in pervasive computing and sensor network environments. We present modifications to one such distributed proof system that enable two types of consistency constraints to be en- forced while still respecting the same confidentiality and integrity policies as the original proof system. Further, we present the details of a performance analysis conducted to illustrate the modest overheads (less than 30%) of consis- tency enforcement on distributed proof construction.
Uploads
Papers by Adam Lee