Date of Original Version

5-2010

Type

Conference Proceeding

Published In

2010 IEEE Symposium on Security and Privacy, pp.349-364,

Abstract or Description

We present the design and implementation of PCFS, a file system that adapts proof-carrying authorization to provide direct, rigorous, and efficient enforcement of dynamic access policies. The keystones of PCFS are a new authorization logic BL that supports policies whose consequences may change with both time and system state, and a rigorous enforcement mechanism that combines proof verification with conditional capabilities. We prove that our enforcement using capabilities is correct, and evaluate our design through performance measurements and a case study.

DOI

10.1109/SP.2010.28

Share

COinS