Authorization deals with the specification and management of the accesses that principals have to resources. In the design of an authorization system, sometimes we just implement the access-enforcement without having a precise semantics for it. In this dissertation we show that there
exists a precise semantics that improves the efficiency of access-enforcement over the access-enforcement without precise semantics. We present an algorithm to produce an Access Control
List (ACL), in a particular authorization system for version control systems called gitolite,
and we compare the implementation of our algorithm against the implementation that is already
being used.
As another design problem, we consider least-restrictive enforcement of the Chinese Wall
security policy. We show that there exists a least-restrictive enforcement of the Chinese Wall
Security Policy. Our approach to proving the thesis is by construction; we present an enforcement
that is least-restrictive. We also prove that such an enforcement mechanism cannot be subject-independent.
We also propose a methodology that tests the implementation of an authorization system to
check whether it has properties of interest. The properties may be considered to hold in the
design of an authorization system, but they do not hold in the implementation. We show that
there exist authorization systems that do not have the properties of interest.
Identifier | oai:union.ndltd.org:LACETR/oai:collectionscanada.gc.ca:OWTU.10012/7673 |
Date | January 2013 |
Creators | Sharifi, Alireza |
Source Sets | Library and Archives Canada ETDs Repository / Centre d'archives des thèses électroniques de Bibliothèque et Archives Canada |
Language | English |
Detected Language | English |
Type | Thesis or Dissertation |