A high-level security policy states an overall requirement for a sensitive task. One example of a high-level security policy is a separation of duty policy, which requires a sensi...
In distributed environments, statements from a number of principals, besides the central trusted party, may influence the derivations of authorization decisions. However, existin...
We present the design, implementation and evaluation of an algorithm that checks audit logs for compliance with privacy and security policies. The algorithm, which we name reduce,...
Traditional Public Key Infrastructures (PKI) have not lived up to their promise because there are too many ways to define PKIs, too many cryptographic primitives to build them wi...
Chris Lesniewski-Laas, Bryan Ford, Jacob Strauss, ...
Authorization systems today are increasingly complex. They span domains of administration, rely on many different authentication sources, and manage permissions that can be as com...
Markus Lorch, Seth Proctor, Rebekah Lepro, Dennis ...