PCAL: Language Support for Proof-Carrying Authorization Systems

Abstract

By shifting the burden of proofs to the user, a proof-carrying authorization (PCA) system can automatically enforce complex access control policies. Unfortunately, managing those proofs can be a daunting task for the user. In this paper we develop a Bash-like language, PCAL, that can automate correct and efficient use of a PCA interface. Given a PCAL script, the PCAL compiler tries to statically construct the proofs required for executing the commands in the script, while re-using proofs to the extent possible and rewriting the script to construct the remaining proofs dynamically. We obtain a formal guarantee that if the policy does not change between compile time and run time, then the compiled script cannot fail due to access checks at run time.

Open PDF

Document Details

Document Type
Technical Report
Publication Date
Oct 16, 2009
Accession Number
ADA512406

Entities

People

  • Avik Chaudhuri
  • Deepak Garg

Organizations

  • Carnegie Mellon University

Tags

Communities of Interest

  • Human Systems

DTIC Thesaurus Topics

  • Abstracts
  • Air Force
  • Air Force Research Laboratories
  • Automatic
  • Compilers
  • Computer Access Control
  • Computer Programming
  • Computer Science
  • Computers
  • Concrete
  • Construction
  • Cybersecurity
  • Directories
  • Instructors
  • Language
  • Programming Languages
  • Universities

Fields of Study

  • Computer science

Readers

  • Manufacturing Engineering.
  • Mathematical Modeling and Probability Theory.
  • Parallel and Distributed Computing.