Sciweavers

CSFW
2010
IEEE

Towards Quantitative Analysis of Proofs of Authorization: Applications, Framework, and Techniques

Although policy compliance testing is generally treated as a binary decision problem, the evidence gathered during the trust management process can actually be used to examine these outcomes within a more continuous space. In this paper, we develop a formal model that allows us to quantitatively reason about the outcomes of the policy enforcement process in both absolute (i.e., user to ideal case) and relative (i.e., user to user) terms. Within this framework, it becomes possible to quantify, e.g., the robustness of a user’s proof of authorization to possible perturbations in the system, how close an unauthorized user is to satisfying a particular policy, and relative “top-k” style rankings of the best users to carry out a particular task. To this end, we explore several interesting classes of scoring functions for assessing the robustness of authorization decisions, and develop criteria under which these types of functions can be composed with one another. We further show tha...
Adam J. Lee, Ting Yu
Added 23 Aug 2010
Updated 23 Aug 2010
Type Conference
Year 2010
Where CSFW
Authors Adam J. Lee, Ting Yu