PCAL: Language Support for Proof-Carrying Authorization Systems

  • Avik Chaudhuri
  • Deepak Garg
Conference paper

DOI: 10.1007/978-3-642-04444-1_12

Part of the Lecture Notes in Computer Science book series (LNCS, volume 5789)
Cite this paper as:
Chaudhuri A., Garg D. (2009) PCAL: Language Support for Proof-Carrying Authorization Systems. In: Backes M., Ning P. (eds) Computer Security – ESORICS 2009. ESORICS 2009. Lecture Notes in Computer Science, vol 5789. Springer, Berlin, Heidelberg

Abstract

By shifting the burden of proofs to the user, a proof-carrying authorization (PCA) system can automatically enforce complex access control policies. Unfortunately, managing those proofs can be a daunting task for the user. In this paper we develop a Bash-like language, PCAL, that can automate correct and efficient use of a PCA interface. Given a PCAL script, the PCAL compiler tries to statically construct the proofs required for executing the commands in the script, while re-using proofs to the extent possible and rewriting the script to construct the remaining proofs dynamically. We obtain a formal guarantee that if the policy does not change between compile time and run time, then the compiled script cannot fail due to access checks at run time.


Copyright information

© Springer-Verlag Berlin Heidelberg 2009

Authors and Affiliations

  • Avik Chaudhuri (1)
  • Deepak Garg (2)
  1. University of Maryland, College Park
  2. Carnegie Mellon University, USA
