Related papers: Security Policy Specification Using a Graphical Ap…
Policies are designed to distinguish between correct and incorrect actions; they are types. But badly typed actions may cause not compile errors, but financial and reputational harm We demonstrate how even the most complex ABAC policies can…
In this paper we present the core of LoCo, a logic-based high-level representation language for expressing configuration problems. LoCo shall allow to model these problems in an intuitive and declarative way, the dynamic aspects of…
As networks expand in size and complexity, they pose greater administrative and management challenges. Software Defined Networks (SDN) offer a promising approach to meeting some of these challenges. In this paper, we propose a policy driven…
Cedar is a new authorization policy language designed to be ergonomic, fast, safe, and analyzable. Rather than embed authorization logic in an application's code, developers can write that logic as Cedar policies and delegate access…
The object-capability model is a security measure that consists in encoding access rights in individual objects to restrict its interactions with other objects. Since its introduction in 2013, different approaches to object-capability have…
In this thesis we consider the problem of information hiding in the scenarios of interactive systems, statistical disclosure control, and refinement of specifications. We apply quantitative approaches to information flow in the first two…
Reasoning about security properties involves reasoning about where the information of a system is located, and how it evolves over time. While most security analysis techniques need to cope with some notions of information locality and…
Constraints such as separation-of-duty are widely used to specify requirements that supplement basic authorization policies. However, the existence of constraints (and authorization policies) may mean that a user is unable to fulfill…
The stack-based access control mechanism plays a fundamental role in the security architecture of Java and Microsoft CLR (common language runtime). It is enforced at runtime by inspecting methods in the current call stack for granted…
We propose a new formal criterion for evaluating secure compilation schemes for unsafe languages, expressing end-to-end security guarantees for software components that may become compromised after encountering undefined behavior---for…
A workflow specification defines a set of steps and the order in which those steps must be executed. Security requirements and business rules may impose constraints on which users are permitted to perform those steps. A workflow…
Program obfuscation is a widely employed approach for software intellectual property protection. However, general obfuscation methods (e.g., lexical obfuscation, control obfuscation) implemented in mainstream obfuscation tools are heuristic…
As more business activities are being automated and an increasing number of computers are being used to store vital and sensitive information the need for secure computer systems becomes more apparent. These systems can be achieved only…
Conventional approaches for ensuring the security of application software at run-time, through monitoring, either produce (high rates of) false alarms (e.g. intrusion detection systems) or limit application performance (e.g. run-time…
We provide a protection system making use of encapsulation, messages communication, interface functions coming from an object oriented model described in previous works. Each user represents himself to the system by the mean of his "USER"…
Access control is the enforcement of the authorization policy, which defines subjects, resources, and access rights. Graph-structured data requires advanced, flexible, and fine-grained access control due to its complex structure as…
Confidentiality, integrity, availability, authenticity, authorization, and accountability are known as security properties that secure systems should preserve. They are usually considered as security final goals that are achieved by system…
Cybersecurity demands rigorous and scalable techniques to ensure system correctness, robustness, and resilience against evolving threats. Automated reasoning, encompassing formal logic, theorem proving, model checking, and symbolic…
Administrator-centered access control failures can cause data breaches, putting organizations at risk of financial loss and reputation damage. Existing graphical policy configuration tools and automated policy generation frameworks attempt…
We present SAFE, an integrated system for managing trust using a logic-based declarative language. Logical trust systems authorize each request by constructing a proof from a context---a set of authenticated logic statements representing…