Protecting Information with Logic-Based Access Control
Speaker: Deepak Garg, Carnegie Mellon University
Policies for protecting sensitive information are often written in natural language and enforced using access control lists. These mechanisms are not only difficult for administrators to maintain but also error-prone. Proof-carrying authorization (PCA) provides an alternative, logic-based, rigorous enforcement of policies without significant administrative overhead: the requester supplies a formal proof, in an authorization logic, that the policy permits the access, and the reference monitor only has to check that proof. However, it is challenging to make PCA efficient enough for practical use in a low-level system, where checking a proof on every access is too slow. Using an experimental file system (PCFS) as an illustration, this talk argues that PCA can be combined with conditional capabilities to obtain sufficient efficiency without losing any of its benefits. The talk also covers a tool for proof search in an expressive authorization logic, which helps make PCFS practical for end users.
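The division of labour the abstract describes, as an added illustration rather than code from PCFS or from the talk: a verifier checks a proof once against the administrator's credentials and issues a capability that carries any conditions the proof left undischarged, and the file system then decides each access by verifying the capability and re-checking those conditions, never touching the proof. Everything here is an assumption made for the example: the three-connective logic (credential, implication, deferred time window), the use of an HMAC for capability integrity, the `Verifier`, `FileSystem` and `check_proof` names, and the constructed policy granting alice a timed read.

```python
import hashlib
import hmac
import json

# Constructed illustration of proof-carrying authorization plus
# conditional capabilities (assumed design, not PCFS's). Formulas are tuples:
#   ("may", user, op, path)      the access being authorized
#   ("within", t_start, t_end)   a condition the monitor decides at access time
#   ("implies", hyp, concl)      hyp -> concl
# Credentials are statements issued by the administrator; this toy keeps
# them in a set instead of checking signatures.

def canon(formula):
    """Canonical string for a formula, so tuples and lists compare equal."""
    return json.dumps(formula, sort_keys=True)

class ProofError(Exception):
    pass

def check_proof(proof, credentials):
    """Check a proof tree; return (formula established, residual conditions).
    Proof nodes:
      ("cred", formula)      cite a credential verbatim
      ("mp", p_impl, p_hyp)  modus ponens: from A -> B and A, conclude B
      ("defer", condition)   leave a 'within' condition for the monitor to re-check
    """
    rule = proof[0]
    if rule == "cred":
        formula = proof[1]
        if canon(formula) not in credentials:
            raise ProofError("cited statement is not a credential")
        return formula, []
    if rule == "defer":
        condition = proof[1]
        if condition[0] != "within":
            raise ProofError("only within() conditions may be deferred")
        return condition, [condition]
    if rule == "mp":
        impl, conds_impl = check_proof(proof[1], credentials)
        hyp, conds_hyp = check_proof(proof[2], credentials)
        if impl[0] != "implies" or canon(impl[1]) != canon(hyp):
            raise ProofError("modus ponens: hypothesis does not match")
        return impl[2], conds_impl + conds_hyp
    raise ProofError("unknown proof rule %r" % (rule,))

def mac(secret, body):
    return hmac.new(secret, canon(body).encode(), hashlib.sha256).hexdigest()

class Verifier:
    """Checks a proof once and issues a MAC-protected conditional capability."""
    def __init__(self, secret, credentials):
        self.secret, self.credentials = secret, credentials

    def issue(self, proof, user, op, path):
        formula, conds = check_proof(proof, self.credentials)
        if canon(formula) != canon(("may", user, op, path)):
            raise ProofError("proof does not establish the requested access")
        body = {"may": [user, op, path], "conds": conds}
        return {"body": body, "mac": mac(self.secret, body)}

class FileSystem:
    """Reference monitor: cheap per-access check, no proof checking at all."""
    def __init__(self, secret):
        self.secret = secret

    def access(self, cap, user, op, path, now):
        body = cap["body"]
        if not hmac.compare_digest(mac(self.secret, body), cap["mac"]):
            return False                       # forged or tampered capability
        if body["may"] != [user, op, path]:
            return False                       # capability is for something else
        for cond in body["conds"]:             # residual conditions, re-checked every time
            if cond[0] == "within" and not (cond[1] <= now <= cond[2]):
                return False
        return True

# Constructed sample policy: alice may read the file between t=1000 and t=2000.
SECRET = b"constructed-example-key"
PATH = "/secret/plan.txt"
GRANT = ("implies", ("within", 1000, 2000), ("may", "alice", "read", PATH))
CREDENTIALS = {canon(GRANT)}

def demo():
    proof = ("mp", ("cred", GRANT), ("defer", ("within", 1000, 2000)))
    cap = Verifier(SECRET, CREDENTIALS).issue(proof, "alice", "read", PATH)
    fs = FileSystem(SECRET)
    tampered = {"body": {"may": ["alice", "read", "/etc/shadow"], "conds": []},
                "mac": cap["mac"]}             # old MAC over a rewritten body
    return {
        "in_window": fs.access(cap, "alice", "read", PATH, now=1500),
        "expired": fs.access(cap, "alice", "read", PATH, now=2500),
        "wrong_user": fs.access(cap, "bob", "read", PATH, now=1500),
        "tampered": fs.access(tampered, "alice", "read", "/etc/shadow", now=1500),
    }

def bad_proof_rejected():
    """A proof citing a statement the administrator never made fails at the verifier."""
    proof = ("cred", ("may", "bob", "read", PATH))
    try:
        Verifier(SECRET, CREDENTIALS).issue(proof, "bob", "read", PATH)
        return False
    except ProofError:
        return True

if __name__ == "__main__":
    print(demo(), bad_proof_rejected())
```

The point to notice is where the cost sits: the recursive proof check runs once per capability, while each file access costs one MAC comparison and a scan of the residual conditions. The time window is the kind of fact a proof cannot settle in advance, so it is carried into the capability and decided by the monitor at access time rather than forcing a fresh proof on every read.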