
dc.contributor.author: Walsh, Kevin [en_US]
dc.identifier.other: bibid: 7745243
dc.description.abstract: Nexus Authorization Logic (NAL) provides a principled basis for specifying and reasoning about credentials and authorization policies. It extends prior access control logics that are based on "says" and "speaks for" operators. NAL enables authorization of access requests to depend on (i) the source or pedigree of the requester, (ii) the outcome of any mechanized analysis of the requester, or (iii) the use of trusted software to encapsulate or modify the requester. To illustrate the convenience and expressive power of this approach to authorization, a document-viewer application suite was implemented for the [alpha]-Nexus operating system. One of the viewers enforces policies that concern the integrity of excerpts a document contains; another viewer enforces confidentiality policies specified by labels tagging blocks of text; and a third viewer enforces policies that impose chain-of-custody restrictions on stages of an image-editing pipeline. To study how compatible this approach to authorization is with existing principles for building trustworthy systems, a filesystem that pervasively instantiates a number of well-known security principles was implemented for [alpha]-Nexus. The design and overall performance of this filesystem were compared to a Linux filesystem that largely ignores the security principles. [en_US]
dc.subject: Computer Security [en_US]
dc.title: Authorization And Trust In Software Systems [en_US]
dc.type: dissertation or thesis [en_US] Science University [en_US] of Philosophy D., Computer Science
dc.contributor.chair: Schneider, Fred Barry [en_US]
dc.contributor.committeeMember: Henderson, David W. [en_US]
dc.contributor.committeeMember: Myers, Andrew C. [en_US]
