
A Proof-Carrying File System with Revocable and Use-Once Certificates

  • Conference paper

Part of the Lecture Notes in Computer Science book series (LNCS, volume 7170)

Abstract

We present the design and implementation of a file system which allows authorizations dependent on revocable and use-once policy certificates. Authorizations require explicit proof objects, combining ideas from previous authorization logics and Girard’s linear logic. Use-once certificates and revocation lists are maintained in a database that is consulted during file access. Experimental results demonstrate that the overhead of using the database is not significant in practice.

Keywords

  • Linear Logic
  • Linear Fact
  • Proof Search
  • Authorization Policy
  • Proof Construction

These keywords were added by machine and not by the authors. This process is experimental and the keywords may be updated as the learning algorithm improves.




Copyright information

© 2012 Springer-Verlag Berlin Heidelberg

About this paper

Cite this paper

Morgenstern, J., Garg, D., Pfenning, F. (2012). A Proof-Carrying File System with Revocable and Use-Once Certificates. In: Meadows, C., Fernandez-Gago, C. (eds) Security and Trust Management. STM 2011. Lecture Notes in Computer Science, vol 7170. Springer, Berlin, Heidelberg. https://doi.org/10.1007/978-3-642-29963-6_5


  • DOI: https://doi.org/10.1007/978-3-642-29963-6_5

  • Publisher Name: Springer, Berlin, Heidelberg

  • Print ISBN: 978-3-642-29962-9

  • Online ISBN: 978-3-642-29963-6

  • eBook Packages: Computer Science, Computer Science (R0)