Constraining Credential Usage in Logic-Based Access Control.

Authorization logics allow concise specification of flexible access-control policies, and are the basis for logic-based access-control systems. ... Proofs in authorization logics can serve as capabilities for gaining access to resources. ... The enforcement of credential revocation in logic-based access-control systems is often implemented in one of the following ways. ...

doi:10.1109/csf.2010.18 dblp:conf/csfw/BauerJS10 fatcat:4bmrgxgdsrg5nmeuacyedertsq

access to resources. ... Constrained devices on the Internet of Things (IoT) continuously produce and consume data. ... logic of connection handling and client credential management. ...

arXiv:2203.03450v1 fatcat:wwwrnvyzbrgzrbygceoeqf2x6i

Nowadays Grid has become a leading technology in distributed computing. ... Most existing authorization models for Grid have granularity to manage access to service invocations while behavioral monitoring of applications executed by these services remains a responsibility of a ... There are available tools supporting system administrators in writing security policies, such as the graphical policy editor UMU-XACML-Editor 6 . ...

doi:10.1007/s10207-009-0083-4 fatcat:6ixtorjdpbfirdwfpzyzlb3rby

The resulting architecture is intended to provide a holistic security approach to be leveraged in the design of novel and lightweight security protocols for IoT constrained environments. ... In this emerging ecosystem, the application of standard security technologies has to cope with the inherent nature of constrained physical devices, which are seamlessly integrated into the Internet infrastructure ... In addition, it has been supported by the Swiss national government through the Sciex-NMSch (Scientific Exchange Programme between Switzerland and the New Member States of the EU) with the project code ...

doi:10.1109/jsac.2015.2393436 fatcat:zjjuso7gvjdblkawalxd44ku5q

This paper adresses authentication and access control in the frame of the IoT. ... To be successfully used in the IoT context, this technology needs to be embedded in a standardized identity and access management framework. ... ACKNOWLEDGMENT This research work is in the frame of the EIT (European Institute of innovation and Technology) ICT activity 14056. ...

doi:10.1109/recosoc.2014.6861362 dblp:conf/recosoc/CherkaouiBSSB14 fatcat:t4pq7rz2djbbphu7v7lhacz3qi

As assurance is crucial for high-value transactions, we use an access-control logic to: (1) describe the protocol, (2) assure the logical consistency of the operations, and (3) to make the trust assumptions ... PKM reinterprets traditional public key infrastructure (PKI) for use in high-value commercial transactions, which require additional controls on the use of credentials for authentication and authorization ... The access-control logic we use is based on Abadi and Plotkin's work [9] , with modifications described in [10] . ...

doi:10.1007/978-3-642-14706-7_13 fatcat:ynd5lbdxgnapjhwuvonomnsb3e

In this paper, a novel privacy preserving authentication and access control scheme to secure the interactions between mobile users and services in PCEs is proposed. ... Differentiated service access control is also enabled in the proposed scheme by classifying mobile users into different service groups. ... We verified the correctness of the proposed scheme in the above section based on the well-known BAN logic. ...

doi:10.1109/tvt.2006.877704 fatcat:as5sz6ckubhfdgbdm42s7ekgtu

Recently proposed usage control concept and models extend traditional access control models with features for contemporary distributed computing systems, including continuous access control in dynamic ... In this paper we identify the general requirements of a trusted usage control enforcement in heterogeneous computing environments, and then propose a general platform architecture and enforcement mechanism ... the user based on the presented credentials. ...

doi:10.1109/sutc.2008.79 dblp:conf/sutc/ZhangSS08 fatcat:xwq4nz5bundjnlgolbvlph7t2i

This paper presents ongoing research and current results on the development of flexible access control infrastructures for complex resource provisioning in Grid-based collaborative applications and on-demand ... The paper is based on experiences gained from major Grid based and Grid oriented projects such as EGEE, NextGrid, Phosphorus and GigaPort Research on Network. ... The authors believe that the proposed access control architecture for CRP and related technical solutions will also be useful to the wider community that has similar problems with managing access control ...

doi:10.1109/ares.2007.157 dblp:conf/IEEEares/DemchenkoGL07 fatcat:yhuywigecfg6bbr235jjv4tcpu

In particular, the protection of login credentials when accessing web services becomes crucial under phishing and malware attacks. ... In this paper, we show how to use these mechanisms, in particular trusted execution environments, to protect the user's login credentials. ... Conclusion and Future Work In this paper, we present a secure wallet-based system and protocols for protecting user credentials on mobile devices used to access Internet services. ...

doi:10.1007/978-3-642-25283-9_15 fatcat:ot2gkcvtofdvbisocljxlnbcue

as well as usage control and throttling. ... Web API management is a key aspect of service-oriented systems that includes the following elements: metadata publishing, access control and key management, monitoring and monetization of interactions, ... -Monitoring the usage of specific clients in order to be able to limit access or charge for API usage. ...

doi:10.1007/978-3-319-25639-9_49 fatcat:wovbhzieyjgb3h3q2qijwq2zei

In this paper, we study a notion of authorization provenance, based on a recently proposed logic in the literature. ... It appears important to define authorization provenance to (1) analyze policy bases, (2) defend against a class of attacks, and (3) audit authorizations. ... In this paper, we attempt to track and constrain authorization provenance with respect to logic-based policy bases. ...

doi:10.1007/978-3-642-31087-4_68 fatcat:6n4fpemxx5c35mwrktiusza5le

The resulting alternatives are intended to enable an anonymous and accountable access control approach to be deployed on large-scale scenarios, such as Smart Cities. ... Furthermore, the proposed mechanisms have been deployed on constrained devices, in order to assess their suitability for a secure and privacy-preserving M2M-enabled Internet of Things. ... Skarmeta were in charge of reviewing the structure and content of the manuscript. ...

doi:10.3390/s150715611 pmid:26140349 pmcid:PMC4541847 fatcat:lj6fxvebhbeq3eracqxlv7ijfq

DOAJ

Logical attestation is based on attributable, unforgeable statements about program properties, expressed in a logic. ... These statements are suitable for mechanical processing, proof construction, and verification; they can serve as credentials, support authorization based on expressive authorization policies, and enable ... This work was supported in part by ONR grant N00014-09-1-0652, AFOSR grant F9550-06-0019, NSF grants 0430161, 0964409, CNS-1111698 and CCF-0424422 (TRUST), and a gift from Microsoft Corporation. ...

doi:10.1145/2043556.2043580 dblp:conf/sosp/SirerBRSWWS11 fatcat:kudazvqssvdknbygjazbqxdduy

access control, and a federated infrastructure-as-a-service system. ... Linking allows granular control over dynamic logic content based on dependency relationships, enabling a logic server to make secure inferences at high throughput. ... Listing 1: Policy rule for capability-based access control. The meaning of capability-based access control is easily captured in a recursive logic policy rule (Listing 1). ...

arXiv:1701.06562v1 fatcat:tb6gpk6nfnamha2qsl4ncohyv4

Constraining Credential Usage in Logic-Based Access Control

Preserved Fulltext

Secure and Authorized Client-to-Client Communication for LwM2M [article]

Preserved Fulltext

Enhancing grid security by fine-grained behavioral control and negotiation-based authorization

Preserved Fulltext

Toward a Lightweight Authentication and Authorization Framework for Smart Objects

Preserved Fulltext

New paradigms for access control in constrained environments

Preserved Fulltext

Credentials Management for High-Value Transactions [chapter]

Preserved Fulltext

A Novel Privacy Preserving Authentication and Access Control Scheme for Pervasive Computing Environments

Preserved Fulltext

Security Enforcement Model for Distributed Usage Control

Preserved Fulltext

Using SAML and XACML for Complex Authorisation Scenarios in Dynamic Resource Provisioning

Preserved Fulltext

TruWalletM: Secure Web Authentication on Mobile Platforms [chapter]

Preserved Fulltext

Web API Management Meets the Internet of Things [chapter]

Preserved Fulltext

Tracking and Constraining Authorization Provenance [chapter]

Preserved Fulltext

Preserving Smart Objects Privacy through Anonymous and Accountable Access Control for a M2M-Enabled Internet of Things

Preserved Fulltext

Logical attestation

Preserved Fulltext

Certificate Linking and Caching for Logical Trust [article]

Preserved Fulltext