English
Related papers

Related papers: Cedar: A New Language for Expressive, Fast, Safe, …

200 papers

Robust access control is a cornerstone of secure software, systems, and networks. An access control mechanism is as effective as the policy it enforces. However, authoring effective policies that satisfy desired properties such as the…

Cryptography and Security · Computer Science 2026-01-23 Ka Lok Wu , Christa Jenkins , Scott D. Stoller , Omar Chowdhury

This paper presents verification-guided development (VGD), a software engineering process we used to build Cedar, a new policy language for expressive, fast, safe, and analyzable authorization. Developing a system with VGD involves writing…

Policies are designed to distinguish between correct and incorrect actions; they are types. But badly typed actions may cause not compile errors, but financial and reputational harm We demonstrate how even the most complex ABAC policies can…

Cryptography and Security · Computer Science 2025-06-03 Matthew D. Fuchs

Logic languages based on the theory of rational, possibly infinite, trees have much appeal in that rational trees allow for faster unification (due to the safe omission of the occurs-check) and increased expressivity (cyclic terms can…

Programming Languages · Computer Science 2007-05-23 Roberto Bagnara , Roberta Gori , Patricia M. Hill , Enea Zaffanella

Logic rules are powerful for expressing complex reasoning and analysis problems. At the same time, they are inconvenient or impossible to use for many other aspects of applications. Integrating rules in a language with sets and functions,…

Programming Languages · Computer Science 2022-05-31 Yanhong A. Liu , Scott D. Stoller , Yi Tong , Bo Lin , K. Tuncay Tekle

With increasing emphasis on transparency in digital governance, users expect more than silence when their access requests are denied by a system. However, authorization methods are notorious for their inability to provide any form of…

Cryptography and Security · Computer Science 2026-04-15 Shanampudi Pranaya Chowdary , Shamik Sural

The Center for Expanded Data Annotation and Retrieval (CEDAR) aims to revolutionize the way that metadata describing scientific experiments are authored. The software we have developed--the CEDAR Workbench--is a suite of Web-based tools and…

Many languages and algebras have been proposed in recent years for the specification of authorization policies. For some proposals, such as XACML, the main motivation is to address real-world requirements, typically by providing a complex…

Cryptography and Security · Computer Science 2011-11-28 Jason Crampton , Charles Morisset

Rust, an emerging programming language with explosive growth, provides a robust type system that enables programmers to write memory-safe and data-race free code. To allow access to a machine's hardware and to support low-level performance…

Software Engineering · Computer Science 2020-07-03 Ana Nora Evans , Bradford Campbell , Mary Lou Soffa

We present the first formalization and metatheory of language soundness for a user-schedulable language, the widely used array processing language Halide. User-schedulable languages strike a balance between abstraction and control in…

Programming Languages · Computer Science 2022-10-31 Alex Reinking , Gilbert Louis Bernstein , Jonathan Ragan-Kelley

High-quality, "rich" metadata are essential for making research data findable, interoperable, and reusable. The Center for Expanded Data Annotation and Retrieval (CEDAR) has long addressed this need by providing tools to design…

Digital Libraries · Computer Science 2025-08-05 Martin J. O'Connor , Marcos Martinez-Romero , Attila L. Egyedi , Mete U. Akdogan , Michael V. Dorf , Mark A. Musen

We present SAFE, an integrated system for managing trust using a logic-based declarative language. Logical trust systems authorize each request by constructing a proof from a context---a set of authenticated logic statements representing…

Cryptography and Security · Computer Science 2015-10-19 Vamsi Thummala , Jeff Chase

This paper introduces intent-aware authorization for Zero Trust CI/CD systems. Identity establishes who is making the request, but additional signals are required to decide whether access should be granted. We describe a control loop…

Cryptography and Security · Computer Science 2025-04-22 Surya Teja Avirneni

This paper presents a language, Alda, that supports all of logic rules, sets, functions, updates, and objects as seamlessly integrated built-ins. The key idea is to support predicates in rules as set-valued variables that can be used and…

Programming Languages · Computer Science 2023-05-31 Yanhong A. Liu , Scott D. Stoller , Yi Tong , Bo Lin

Many secure communication libraries used by distributed systems, such as SSL, TLS, and Kerberos, fail to make a clear distinction between the authentication, session, and communication layers. In this paper we introduce CEDAR, the secure…

Distributed, Parallel, and Cluster Computing · Computer Science 2011-11-10 Zach Miller , Dan Bradley , Todd Tannenbaum , Igor Sfiligoi

With the rapid advances in computing and information technologies, traditional access control models have become inadequate in terms of capturing fine-grained, and expressive security requirements of newly emerging applications. An…

Cryptography and Security · Computer Science 2021-02-02 Leila Karimi , Maryam Aldairi , James Joshi , Mai Abdelhakim

Good documentation offers the promise of enabling developers to easily understand design decisions. Unfortunately, in practice, design documents are often rarely updated, becoming inaccurate, incomplete, and untrustworthy. A better solution…

Software Engineering · Computer Science 2021-11-25 Sahar Mehrpour , Thomas D. LaToza , Hamed Sarvari

A security policy states the acceptable actions of an information system, as the actions bear on security. There is a pressing need for organizations to declare their security policies, even informal statements would be better than the…

Cryptography and Security · Computer Science 2007-05-23 James A. Hoagland , Raju Pandey , Karl N. Levitt

Programming languages are incredibly versatile, enabling developers to create applications and programs that suit their individual requirements. This article introduces a new language called Cesno, designed from the ground up to offer an…

Software Engineering · Computer Science 2024-09-24 Ozelot Vanilla , Jingxiang Yu , Hemn Barzan Abdalla

Traditional authorization policies are user-centric, in the sense that authorization is defined, ultimately, in terms of user identities. We believe that this user-centric approach is inappropriate for many applications, and that what…

Cryptography and Security · Computer Science 2014-06-20 Jason Crampton , James Sellwood
‹ Prev 1 2 3 10 Next ›