We describe a new attack against web authentication, which we call dynamic pharming. Dynamic pharming works by hijacking DNS and sending the victim’s browser malicious Javascrip...
Chris Karlof, Umesh Shankar, J. Doug Tygar, David ...
By shifting the burden of proofs to the user, a proof-carrying authorization (PCA) system can automatically enforce complex access control policies. Unfortunately, managing those p...
One of the important challenges when designing and analyzing cryptographic protocols is the enforcement of security properties in the presence of compromised participants. This pa...
Michael Backes, Martin P. Grochulla, Catalin Hritc...
We define and demonstrate an approach to securing distributed computation based on a shared reference monitor (Shamon) that enforces mandatory access control (MAC) policies acros...
Jonathan M. McCune, Trent Jaeger, Stefan Berger, R...
Quantitative Trust Management (QTM) provides a dynamic interpretation of authorization policies for access control decisions based on upon evolving reputations of the entities inv...
Andrew G. West, Adam J. Aviv, Jian Chang, Vinayak ...