
A Proof-Carrying File System with Revocable and Use-Once Certificates

Summary: A Proof-Carrying File System with Revocable and Use-Once Certificates

Jamie Morgenstern, Deepak Garg, and Frank Pfenning
Carnegie Mellon University

Abstract. We present the design and implementation of a file system which allows authorizations dependent on revocable and use-once policy certificates. Authorizations require explicit proof objects, combining ideas from previous authorization logics and Girard's linear logic. Use-once certificates and revocation lists are maintained in a database that is consulted during file access. Experimental results demonstrate that the overhead of using the database is not significant in practice.

1 Introduction

In the past decade, proof-carrying authorization (PCA) [4,6,7,15] has emerged as a promising, open-ended architecture for rigorous enforcement of authorization policies. In PCA, policy rules and other policy-relevant credentials are abstractly represented as formulas of a formal logic (as opposed to a possible low-level representation in system databases or access control lists), and published in signed certificates that are distributed to authorized principals. Access to a protected resource is allowed by a reference monitor if and only if the principal request-


Source: Andrews, Peter B. - Department of Mathematical Sciences, Carnegie Mellon University
Pfenning, Frank - School of Computer Science, Carnegie Mellon University


Collections: Computer Technologies and Information Sciences; Mathematics