PCAL: Language Support for Proof-Carrying Authorization Systems

12 years 6 months ago
PCAL: Language Support for Proof-Carrying Authorization Systems
By shifting the burden of proofs to the user, a proof-carrying authorization (PCA) system can automatically enforce complex access control policies. Unfortunately, managing those proofs can be a daunting task for the user. In this paper we develop a Bash-like language, PCAL, that can automate correct and efficient use of a PCA interface. Given a PCAL script, the PCAL compiler tries to statically construct the proofs required for executing the commands in the script, while re-using proofs to the extent possible and rewriting the script to construct the remaining proofs dynamically. We obtain a formal guarantee that if the policy does not change between compile time and run time, then the compiled script cannot fail due to access checks at run time.
Avik Chaudhuri, Deepak Garg
Added 23 Nov 2009
Updated 23 Nov 2009
Type Conference
Year 2009
Authors Avik Chaudhuri, Deepak Garg
Comments (0)