記錄 19 之 6058
Record:   Prev Next
作者 Bauer, Ljudevit
書名 Access control for the Web via proof-carrying authorization
國際標準書號 0496554131
book jacket
說明 124 p
附註 Source: Dissertation Abstracts International, Volume: 64-10, Section: B, page: 5027
Adviser: Andrew W. Appel
Thesis (Ph.D.)--Princeton University, 2003
After a short period of being not much more than a curiosity, the World-Wide Web quickly became an important medium for discussion, commerce, and business. Instead of holding just information that the entire world could see, web pages also became used to access email, financial records, and other personal or proprietary data that was meant to be viewed only by particular individuals or groups. This made it necessary to design mechanisms that would restrict access to web pages. Unfortunately, most current mechanisms are lacking in generality and flexibility---they interoperate poorly and can express only a limited number of security policies
We view access control on the web as a general distributed authorization problem and develop a solution by adapting the techniques of proof-carrying authorization, a framework for defining security logics based on higher-order logic
In this dissertation we present a particular logic for modeling access-control scenarios that occur on the web. We give this application-specific logic a semantics in higher-order logic, thus ensuring its soundness, and use it to implement a system that regulates access to web pages. Our system uncouples authorization from authentication, allowing for better interoperation across administrative domains and more expressive security policies. Our implementation consists of a web server module and a local web proxy. The server allows access to pages only if the web browser can demonstrate that it is authorized to view them. The browser's local proxy accomplishes this by mechanically constructing a proof of a challenge sent to it by the server. Our system supports arbitrarily complex delegation, and we implement a framework that lets the web browser locate and use pieces of the security policy that have been distributed across arbitrary hosts. Our system was built for controlling access to web pages, but could relatively easily be extended to encompass access control for other applications as well
School code: 0181
DDC
Host Item Dissertation Abstracts International 64-10B
主題 Computer Science
0984
Alt Author Princeton University
記錄 19 之 6058
Record:   Prev Next