1 / 5

PCFS: A Proof-Carrying File System

PCFS: A Proof-Carrying File System. Deepak Garg and Frank Pfenning Carnegie Mellon University July 09, 2009. Goal and Method. Goal of PCFS: Rich access control for a file system Expressiveness Capture high-level intent directly Motivation: Classified information – intelligence agencies

chavi
Download Presentation

PCFS: A Proof-Carrying File System

An Image/Link below is provided (as is) to download presentation Download Policy: Content on the Website is provided to you AS IS for your information and personal use and may not be sold / licensed / shared on other websites without getting consent from its author. Content is provided to you AS IS for your information and personal use only. Download presentation by click this link. While downloading, if for some reason you are not able to download a presentation, the publisher may have deleted the file from their server. During download, if you can't get a presentation, the file might be deleted by the publisher.

E N D

Presentation Transcript

  1. PCFS: A Proof-Carrying File System Deepak Gargand Frank Pfenning Carnegie Mellon University July 09, 2009

  2. Goal and Method • Goal of PCFS: Rich access control for a file system • Expressiveness • Capture high-level intent directly • Motivation: Classified information – intelligence agencies • Dynamic (changing) policies • Access control lists do not suffice • Rigorous enforcement • Technical methods: • Proof-carrying authorization • Conditional cryptographic capabilities

  3. admin says may (...) admin says may (...) admin says may (...) admin says may (...) admin says may (...) admin says may (...) admin says may (...) admin says may (...) admin says may (...) admin says may (...) admin says may (...) admin says may (...) PCFS: Workflow Approx. 1000 times faster than proof checking Proof-carrying authorization [AF’99] Proof search (untrusted) Proof, certificate verifier (trusted) Procap Checker (trusted) OK? Procap (Capability) no yes F I L E - A P I Error Data /Error File System Alice Data

  4. Dynamic Policies • What if policies or credentials change after capability is issued? • Time-of-check-to-time-of-use attack • Capabilities conditional on parts of policies that can change • Some ways of policy change: • Expiration: “Allow access from 2008 to 2009” • State: “Allow access while protocol is in phase 2” • Revocation: A credential on which access depends is revoked • Consumption: “Allow access once” • Logic expresses time, state, consumption • Describe conditions for capabilities, and how they can be extracted from a logical proof • Prove that enforcement is correct with respect to proof-carrying authorization

  5. Results • New logic (BL), proof-theory, meta-theory, capabilities • Implementation of file system (includes prover for BL) • Case study with classified information http://www.cs.cmu.edu/~dg/pcfs

More Related