The Infona portal uses cookies, i.e. strings of text saved by a browser on the user's device. The portal can access those files and use them to remember the user's data, such as their chosen settings (screen view, interface language, etc.), or their login data. By using the Infona portal the user accepts automatic saving and using this information for portal operation purposes. More information on the subject can be found in the Privacy Policy and Terms of Service. By closing this window the user confirms that they have read the information on cookie usage, and they accept the privacy policy and the way cookies are used by the portal. You can change the cookie settings in your browser.
The paper proposes an XML-based approach for a controlled distribution of documents, that must be subject to distributed and collaborative updates. In particular, the approach we propose allows one to attach a flow policy to a document, that partially or totally specifies the list of subjects that have to receive the document. Flow policies associated with documents can be dynamically changed during...
We present a model of access control which provides fine-grained data-dependent control, can express permissions about permissions, can express delegation, and can describe systems which avoid the root-bottleneck problem. We present a language for describing goals of agents; these goals are typically to read or write the values of some resources. We describe a decision procedure which determines whether...
We present dharma, a distributed high assurance reference monitor that is generated mechanically by the formal methods tool PVS from a verified specification of its key algorithms. dharma supports policies that allow delegation of access rights, as well as structured, distributed names. To test dharma, we use it as the core reference monitor behind a web server that serves files over SSL connections...
We suggest a scheme to cryptographically support role based access control (RBAC) in large organizations where user roles change frequently. To achieve this, we propose a secure method to manage role keys and we extend a recent pairing-based mediated identity-based cryptographic scheme to allow the enforcement of possession of multiple roles to access certain documents. We also design an architecture...
In key-insulated cryptography, there are many private keys with different indexes and a single, fixed public key. When the trust model includes multiple Certification Authorities (CAs), it can be used to shorten the verification path and mitigate the damage caused by the compromise of a CA’s private key. Existing work requires that the total number of CAs be fixed and that a trusted keystore store...
Users in a distributed system establish webs of trust by issuing and exchanging certificates amont themselves. This approach does not require a central, trusted keyserver. The distributed web of trust, however, is susceptible to attack by malicious users, who may issue false certificates. In this work, we propose a method for generating certificate recommendations. These recommendations guide the...
We consider how related-key attacks can be mounted on the IBM 4758 cryptoprocessor, and also show that its EDEx multiple mode is far less secure than one could believe. As few as about 232 known plaintexts and related-key known ciphertexts in the first case, and 234 chosen ciphertexts in the second case are required to mount key-recovery attacks. These results show that seemingly academic attacks...
Signcryption is a new cryptographic primitive that performs signing and encryption simultaneously, at a cost significantly lower than that required by the traditional signature-then-encryption approach. In this paper, we present a security analysis of two such schemes: the Huang-Chang convertible signcryption scheme [12], and the Kwak-Moon group signcryption scheme [13]. Our results show that both...
Set the date range to filter the displayed results. You can set a starting date, ending date or both. You can enter the dates manually or choose them from the calendar.