This paper presents an approach to statically retrofit legacy servers with mechanisms for authorization policy enforcement. The approach is based upon the observation that securit...
Vinod Ganapathy, Dave King 0002, Trent Jaeger, Som...
The penetration of cellular networks worldwide and emergence of smart phones has led to a revolution in mobile content. Users consume diverse content when, for example, exchanging...
Machigar Ongtang, Kevin R. B. Butler, Patrick Drew...
Are computing systems trustworthy? To answer this, we need to know three things: what the systems are supposed to do, what they are not supposed to do, and what they actually do. A...
A high-level security policy states an overall requirement for a sensitive task. One example of a high-level security policy is a separation of duty policy, which requires a sensi...
An access control system is often viewed as a state transition system. Given a set of access control policies, a general safety requirement in such a system is to determine whethe...