DocumentCode :
2946380
Title :
A Proof-Carrying File System
Author :
Garg, Deepak ; Pfenning, Frank
Author_Institution :
CyLab, Carnegie Mellon Univ., Pittsburgh, PA, USA
fYear :
2010
fDate :
16-19 May 2010
Firstpage :
349
Lastpage :
364
Abstract :
We present the design and implementation of PCFS, a file system that adapts proof-carrying authorization to provide direct, rigorous, and efficient enforcement of dynamic access policies. The keystones of PCFS are a new authorization logic BL that supports policies whose consequences may change with both time and system state, and a rigorous enforcement mechanism that combines proof verification with conditional capabilities. We prove that our enforcement using capabilities is correct, and evaluate our design through performance measurements and a case study.
Keywords :
Access control; Authorization; Computer security; Control systems; Delay; File systems; Logic design; Monitoring; Principal component analysis; Throughput; Access control; file system; logic; proof-carrying authorization;
fLanguage :
English
Publisher :
IEEE
Conference_Titel :
Security and Privacy (SP), 2010 IEEE Symposium on
Conference_Location :
Oakland, CA, USA
ISSN :
1081-6011
Print_ISBN :
978-1-4244-6894-2
Electronic_ISBN :
1081-6011
Type :
conf
DOI :
10.1109/SP.2010.28
Filename :
5504798