DOCSLIB.ORG

FOUNDATIONS of ACCESS CONTROL for SECURE STORAGE a Dissertation Submitted in Partial Satisfaction of the Requirements for the Degree Of

Total Page:16

File Type:pdf, Size:1020Kb

Download full-text PDF Read full-text
FOUNDATIONS of ACCESS CONTROL for SECURE STORAGE a Dissertation Submitted in Partial Satisfaction of the Requirements for the Degree Of UNIVERSITY OF CALIFORNIA SANTA CRUZ FOUNDATIONS OF ACCESS CONTROL FOR SECURE STORAGE A dissertation submitted in partial satisfaction of the requirements for the degree of DOCTOR OF PHILOSOPHY in COMPUTER SCIENCE by Avik Chaudhuri December 2008 The Dissertation of Avik Chaudhuri is approved: Professor Mart´ın Abadi, Chair Professor Scott Brandt Professor Cormac Flanagan Professor Luca de Alfaro Dean Lisa Sloan Vice Provost and Dean of Graduate Studies Copyright c by Avik Chaudhuri 2008 Table of Contents Abstract vii Dedication viii Acknowledgments ix 1 Introduction 1 1.1 Access control and secure storage . .3 1.2 A research program . .4 1.3 Some highlights . .4 1.3.1 Security enforcement on operating systems . .5 1.3.2 Automatic analysis of security models . .6 1.3.3 Automated security analysis of storage protocols . .6 1.3.4 Secure distributed sharing of services . .8 1.3.5 Correctness of distributed access-control implementations . .8 1.4 Ideas and techniques . .9 1.4.1 Programming languages . .9 1.4.2 Logic . 11 1.5 Organization . 12 1.5.1 Dependencies . 13 1.5.2 Common themes . 13 I Correctness of Access Control 16 2 Cryptographic access control 18 2.1 Plutus . 20 2.2 Formal model of Plutus . 23 2.2.1 Background on ProVerif . 23 2.2.2 Plutus in ProVerif . 24 iii 2.3 Security results on Plutus . 31 2.3.1 Background on correspondences . 31 2.3.2 Security properties of Plutus . 35 2.3.3 Analysis of some design details . 41 2.3.4 Additional remarks . 44 3 Access control with labels 47 3.1 EON ........................................ 50 3.1.1 Syntax . 51 3.1.2 Semantics . 52 3.1.3 Queries . 53 3.2 Query evaluation . 54 3.2.1 Basic queries, unguarded transitions . 55 3.2.2 Basic queries, guarded transitions . 58 3.2.3 Queries with sequencing . 58 3.2.4 Efficient query evaluation under further assumptions . 59 3.2.5 Tool support and experiments . 61 3.3 Windows Vista in EON ............................. 62 3.3.1 Attacks on integrity . 63 3.3.2 A usage discipline to recover integrity . 64 3.4 Asbestos in EON ................................. 66 3.4.1 Conditional secrecy . 67 3.4.2 Data isolation in a webserver running on Asbestos . 70 II Security via Access Control 76 4 Access control and types for secrecy 78 4.1 A file-system environment . 79 4.1.1 The file system and its clients . 80 4.1.2 Groups . 80 4.2 A typed pi calculus with file-system constructs . 81 4.2.1 Terms and processes . 81 4.2.2 Some examples (preview) . 83 4.2.3 Types . 85 4.2.4 Preliminaries on typechecking . 86 4.2.5 Typing judgments and rules . 86 4.2.6 Type constraints on the file system . 90 4.2.7 The examples, revisited . 91 4.3 Properties of well-typed systems . 93 iv 4.3.1 Type preservation . 93 4.3.2 Secrecy by typing and access control . 94 4.3.3 Integrity consequences . 95 4.3.4 Reasoning under client collusions . 95 5 Dynamic access control and polymorphism 97 5.1 The untyped conc ı{ calculus . 100 5.1.1 Syntax . 100 5.1.2 Semantics . 103 5.2 A type system for enforcing dynamic specifications . 105 5.2.1 Polymorphic types, constraints, and subtyping . 107 5.2.2 Static invariants . 112 5.2.3 Core typing rules . 114 5.3 Properties of well-typed code . 116 6 Access control and types for integrity 118 6.1 Windows Vista’s integrity model . 121 6.1.1 Windows Vista’s security environment . 121 6.1.2 Some attacks . 122 6.2 A calculus for analyzing DFI on Windows Vista . 123 6.2.1 Syntax and informal semantics . 124 6.2.2 Programming examples . 126 6.2.3 An overview of DFI . 128 6.2.4 An operational semantics that tracks explicit flows . 130 6.3 A type system to enforce DFI . 134 6.3.1 Types and effects . 134 6.3.2 Core typing rules . 135 6.3.3 Typing rules for stuck code . 139 6.3.4 Typing rules for untrusted code . 140 6.3.5 Compromise . 141 6.3.6 Typechecking examples . 142 6.4 Properties of typing . 144 III Preserving Security by Correctness 149 7 Distributed access control 151 7.1 Implementing static access policies . 152 7.2 Implementing dynamic access policies . 156 7.2.1 Safety in a special case . 158 v 7.2.2 Safety in the general case . 159 7.2.3 Obstacles to security . 160 7.2.4 Security in a special case . 162 7.2.5 Security in the general case . 163 7.2.6 Some alternatives . 165 7.3 Definitions and proof techniques . 166 7.4 Formal analysis . 169 7.4.1 Models . 169 7.4.2 Proofs . 172 7.4.3 Some examples of security . 175 8 Discussion 177 A Extended models of Plutus 191 B Supplementary material on EON 196 B.1 Satisfiability in Datalog . 196 B.1.1 Computing extensions . 197 B.1.2 Satisfiability of generalized tuples . 198 B.2 Undecidable query evaluation in an extension of EON ........... 199 C Implementing a typed file system in conc ı{ 202 C.1 Type-directed compilation . 202 C.2 Theorems . 212 D Proofs 213 D.1 Correctness of query evaluation in EON ................... 213 D.2 Soundness of the type system for conc ı{ ................... 214 D.3 Soundness of the type system for DFI on Windows Vista . 220 D.4 Correctness of distributed access control implementations . 234 vi Abstract Foundations of Access Control for Secure Storage by Avik Chaudhuri Over the years, formal techniques have played a significant role in the study of secure communication. Unfortunately, secure storage has received far less attention. In partic- ular, the uses and consequences of dynamic access control for security in file systems, operating systems, and other distributed systems are seldom well-understood. In this dissertation, we develop and apply formal techniques to understand the foundations of access control for security in such systems. Our case studies include the security de- signs of some state-of-the-art storage systems and operating systems. Our techniques are derived from ideas in programming languages and logic. To Pops & Mumma. viii Acknowledgments I am very fortunate to have been advised by Mart´ın Abadi in the course of this degree. Mart´ın has been not only a never-ending source of inspiration, but also a remarkably astute coach. I can only hope that his technique, taste, and attitude in research continue to influence my future work. Moreover, I am very grateful to Sriram Rajamani for making possible an intern- ship at Microsoft Research India, around half-way through my degree; and to Bruno Blanchet for making possible a collaboration almost entirely over email, towards the end. Their enthusiasm and persistence in these ventures have been extraordinary. Most of the material in this dissertation is based on collaborative papers; I thank my co-authors, including Mart´ın, Sriram, Bruno, as well as Ganesan Ramalingam, Prasad Naldurg, and Lakshmisubrahmanyam Velaga, for their contributions. Moreover, vari- ous discussions have influenced the presentation of this material; I thank my disserta- tion committee members, including Mart´ın, as well as Scott Brandt, Cormac Flanagan, and Luca de Alfaro, for their suggestions. This work has been supported in part by the National Science Foundation under Grants CCR-0204162, CCR-0208800, and CCF- 0524078, and by Livermore National Laboratory, Los Alamos National Laboratory, and Sandia National Laboratory under Contract B554869. Several others have been part of this endeavor in their own ways. My friends— especially those of the unparalleled “baskin-?” groups—have refreshed me with coffee, parties, and random debates whenever I needed them. My lovely wife, Reema, has taken care of pretty much everything else. Finally, I cannot even begin to describe what I owe to my parents. With all my love, I therefore dedicate this dissertation to them. ix Chapter 1 Introduction Formal techniques have played a significant role in the study of secure communica- tion in recent years. Specifically, there has been much research in developing process calculi, type systems, logics, and other foundations for the rigorous design and analy- sis of secure communication protocols [Abadi and Fournet, 2001; Abadi and Blanchet, 2003; Gordon and Jeffrey, 2003b; Fournet et al., 2005; Burrows et al., 1989; Blanchet, 2001a]. In comparison, the study of secure storage has received far less formal atten- tion. Yet, over the years storage has assumed a pervasive role in modern computing. Now storage is a fundamental part of most computer systems that we rely on—and un- derstanding secure storage is as important as understanding secure communication. One might wonder whether the foundations of secure communication already pro- vide those of secure storage—after all, storage is a form of communication. Indeed, one can think of a file f with content M as a channel f that is ready to send message M; then f may be read and written by receiving and sending messages on f ..
Load more

Recommended publications
  • Applp: a Dialogue on Applications of Logic Programming
    AppLP: A Dialogue on Applications of Logic Programming David S. Warren Yanhong A. Liu Stony Brook University This document describes the contributions of the 2016 Applications of Logic Programming Workshop (AppLP), which was held on October 17 and associated with the International Conference on Logic Programming (ICLP) in Flushing, New York City. Focus and scope The focus of the workshop was applications of logic programming, i.e., application problems, in whole or in part, that are solved by using logic programming languages and systems. A particular theme of interest was to explore the ease of development and maintenance, clarity, performance, and tradeoffs among these features, brought about by programming using a logic paradigm. The goal was to help provide directions for future research advances and application development. Real-world problems increasingly involve complex data and logic, making the use of logic pro- gramming more and more beneficial for such complex applications. Despite the diverse areas of application, their common underlying requirements are centered around ease of development and maintenance, clarity, performance, integration with other tools, and tradeoffs among these prop- erties. Better understanding of these important principles will help advance logic programming research and lead to benefits for logic programming applications. The workshop was organized around four main areas of application: Enterprise Software, Con- trol Systems, Intelligent Agents, and Deep Analysis. These general areas included topics such as business intelligence, ontology management, text processing, program analysis, model checking, access control, network programming, resource allocation, system optimization, decision making, and policy administration. The issues proposed for discussion included language features, imple- mentation efficiency, tool support and integration, evaluation methods, as well as teaching and training.
    [Show full text]
  • 2Nd USENIX Conference on Web Application Development (Webapps ’11)
    conference proceedings Proceedings of the 2nd USENIX Conference Application on Web Development 2nd USENIX Conference on Web Application Development (WebApps ’11) Portland, OR, USA Portland, OR, USA June 15–16, 2011 Sponsored by June 15–16, 2011 © 2011 by The USENIX Association All Rights Reserved This volume is published as a collective work. Rights to individual papers remain with the author or the author’s employer. Permission is granted for the noncommercial reproduction of the complete work for educational or research purposes. Permission is granted to print, primarily for one person’s exclusive use, a single copy of these Proceedings. USENIX acknowledges all trademarks herein. ISBN 978-931971-86-7 USENIX Association Proceedings of the 2nd USENIX Conference on Web Application Development June 15–16, 2011 Portland, OR, USA Conference Organizers Program Chair Armando Fox, University of California, Berkeley Program Committee Adam Barth, Google Inc. Abdur Chowdhury, Twitter Jon Howell, Microsoft Research Collin Jackson, Carnegie Mellon University Bobby Johnson, Facebook Emre Kıcıman, Microsoft Research Michael E. Maximilien, IBM Research Owen O’Malley, Yahoo! Research John Ousterhout, Stanford University Swami Sivasubramanian, Amazon Web Services Geoffrey M. Voelker, University of California, San Diego Nickolai Zeldovich, Massachusetts Institute of Technology The USENIX Association Staff WebApps ’11: 2nd USENIX Conference on Web Application Development June 15–16, 2011 Portland, OR, USA Message from the Program Chair . v Wednesday, June 15 10:30–Noon GuardRails: A Data-Centric Web Application Security Framework . 1 Jonathan Burket, Patrick Mutchler, Michael Weaver, Muzzammil Zaveri, and David Evans, University of Virginia PHP Aspis: Using Partial Taint Tracking to Protect Against Injection Attacks .
    [Show full text]
  • Automated Security Analysis of Virtualized Infrastructures
    Automated Security Analysis of Virtualized Infrastructures Zur Erlangung des akademischen Grades Doktor-Ingenieur (Dr.-Ing.) genehmigte Dissertation von Sören Bleikertz, M.Sc. aus Leverkusen Tag der Einreichung: 15.02.2017, Tag der Prüfung: 17.05.2017 2017 — Darmstadt — D 17 1. Gutachten: Prof. Dr. Michael Waidner 2. Gutachten: Dr. Thomas Groß, University of Newcastle upon Tyne Security in Information Technology Fachbereich Informatik Automated Security Analysis of Virtualized Infrastructures Genehmigte Dissertation von Sören Bleikertz, M.Sc. aus Leverkusen 1. Gutachten: Prof. Dr. Michael Waidner 2. Gutachten: Dr. Thomas Groß, University of Newcastle upon Tyne Tag der Einreichung: 15.02.2017 Tag der Prüfung: 17.05.2017 Darmstadt — D 17 Erklärung zur Dissertation Hiermit versichere ich, die vorliegende Dissertation ohne Hilfe Dritter nur mit den an- gegebenen Quellen und Hilfsmitteln angefertigt zu haben. Alle Stellen, die aus Quellen entnommen wurden, sind als solche kenntlich gemacht. Diese Arbeit hat in gleicher oder ähnlicher Form noch keiner Prüfungsbehörde vorgelegen. Horgen, Schweiz, den 16.07.2017 (Sören Bleikertz, M.Sc.) 1 Abstract Virtualization enables the increasing efficiency and elasticity of modern IT infrastructures, including Infrastructure as a Service. However, the operational complexity of virtualized infrastructures is high, due to their dynamics, multi-tenancy, and size. Misconfigurations and insider attacks carry significant operational and security risks, such as breaches in tenant isolation, which put both the infrastructure provider and tenants at risk. In this thesis we study the question if it is possible to model and analyze complex, scalable, and dynamic virtualized infrastructures with regard to user-defined security and operational policies in an automated way.
    [Show full text]
  • Downloads/Pws-Whitepaper-May-2006-De.Pdf, 28.07.2008
    Privacy and Identity Management in Europe for Life Infrastructure for Trusted Content Editors: Dr. Stephan Spitz (GD) Dr. Walter Hinz (GD) Dr. Marc-Michael Bergfeld (GD) Reviewers: Karel Wouters (KUL) Aleksandra Kuczerawy (KUL) Identifier: D6.2.1 Type: Deliverable Class: Public Date: 28 August 2008 Abstract As the usage of information and communication technology increases in private and professional life, personal data is widely stored. While service providers need to rely on identifying their customers, conscious identity management and privacy develops into a new value for the service user, especially in the electronic service context. Here, modern technology infrastructures can assist in providing security to both sides by assuring identification and privacy at the same time. This paper introduces the ‘Security of Service’ concept and presents different technical environments through which it can be established. Privacy in service composition is elaborated conceptually and from a technological standpoint. Potential authentication scenarios and emerging use cases are introduced. In conclusion, implications for the needed technological infrastructures are derived and necessary future research directions are indicated. Copyright © 2008 by the PrimeLife Consortium The research leading to these results has received funding from the European Community’s Seventh Framework Programme (FP7/2007-2013) under grant agreement n o 216483. Members of the PrimeLife Consortium 1. IBM Research GmbH IBM Switzerland 2. Unabhängiges Landeszentrum für Datenschutz ULD Germany 3. Technische Universität Dresden TUD Germany 4. Karlstads Universitet KAU Sweden 5. Università degli Studi di Milano UNIMI Italy 6. Johann Wolfgang Goethe – Universität Frankfurt am Main GUF Germany 7. Stichting Katholieke Universiteit Brabant TILT Netherlands 8.
    [Show full text]
  • Conference Reports ELECTRONIC SUPPLEMENT
    DECEMBER 2012 vOL. 37, NO. 6 Conference Reports ELECTRONIC SUPPLEMENT 21st USENIX Security Symposium (USENIX and that they also knew what the US was doing (capabilities) Security ’12) through the use of spies in the US and their interception of our ciphers (access). After considering all of these differ- Bellevue, WA August 8–10, 2012 ent criteria, cryptographers could then attempt to provide information assurance in the face of this particular enemy. Opening Remarks Again focusing on communications, they examined the Summarized by Rik Farrow ([email protected]) security of the SAVILLE cipher and its usage in the VINSON Program Chair Tadayoshi Kohno (University of Washing- hand-held radio. Additionally, they really had time to do it ton) opened the conference by telling us that there were 222 right: the SAVILLE cipher was developed in the 1950s, evalu- papers submitted and 42 accepted. By replacing four invited ated in the 1960s, and then finally implemented in VINSON talks sessions with paper presentations, more papers could and deployed in 1976; this meant that they could look closely be accepted than in the past. at both the algorithm and its implementation to try to find When the conference began, there were 484 attendees; 84 potential attacks. students received travel grants using money provided by the In modern times, the field has once again changed dramati- National Science Foundation, with Google and Microsoft cally. One of the main catalysts for these changes was the being the next largest sponsors. introduction of the Data Encryption Standard (DES), which Best Paper awards went to “Mining Your Ps and Qs: Detec- was created through a competition held by NIST.
    [Show full text]
  • Access Control Models for Collaborative Applications Asma Cherif
    Access Control Models for Collaborative Applications Asma Cherif To cite this version: Asma Cherif. Access Control Models for Collaborative Applications. Distributed, Parallel, and Cluster Computing [cs.DC]. Université de Lorraine, 2012. English. NNT : 2012LORR0217. tel-01749620v2 HAL Id: tel-01749620 https://tel.archives-ouvertes.fr/tel-01749620v2 Submitted on 11 Dec 2014 HAL is a multi-disciplinary open access L’archive ouverte pluridisciplinaire HAL, est archive for the deposit and dissemination of sci- destinée au dépôt et à la diffusion de documents entific research documents, whether they are pub- scientifiques de niveau recherche, publiés ou non, lished or not. The documents may come from émanant des établissements d’enseignement et de teaching and research institutions in France or recherche français ou étrangers, des laboratoires abroad, or from public or private research centers. publics ou privés. UFR math´ematiques et informatique Ecole´ doctorale IAEM Lorraine D´epartement de formation doctorale en informatique Mod`elesde Contr^oled'Acc`espour Les Applications Collaboratives THESE` pr´esent´eeet soutenue publiquement le 26 Novembre 2012 pour l'obtention du Doctorat de l'universit´eNancy 2 (sp´ecialit´einformatique) par Asma CHERIF Composition du jury Pr´esident: Kamel SMAILI Pr. Universit´ede Lorraine Rapporteurs : Fr´ed´ericCUPPENS Pr. ENST Bretagne Achour MOSTEFAOUI Pr. Universit´ede Nantes Examinateurs : Ladjel BELLATRECHE Pr. LIAS/ISAE ENSMA Poitiers Sophie CHABRIDON Mcf. T´el´ecom Sud Paris Directeurs de thèse : Abdessamad IMINE Mcf. Universit´ede Lorraine Micha¨elRUSINOWITCH Dr. Inria Nancy Grand Est Laboratoire Lorrain de Recherche en Informatique et ses Applications | UMR 7503 Mis en page avec la classe thloria.
    [Show full text]
  • Cybersecurity Initiative Flanders Strategic Research Programme
    VR 2019 1312 DOC.1235/5 Cybersecurity Initiative Flanders Strategic Research Programme July 2019 Contributing Authors: Bart De Decker, Bart Jacobs, Bart Preneel, Benedikt Gierlichs, Bert Lagaisse, Bjorn De Sutter, Bruno Crispo, Claudia Diaz, Coen De Roover, Cyprien Delpech de Saint Guilhem, Danny De Cock, Danny Hughes, Dave Singelee, Davy Preuveneers, Dimitri Van Landuyt, Dominique Devriese, Elena Andreeva, Elisa Gonzales Boix , Els Kindt, Emmanuela Orsini, Enrique Argones Rua, Frank Piessens, Frederik Vercauteren, Ingrid Verbauwhede, Jan Tobias Mühlberg, Koen Yskout, Lieven Desmet, Nele Mentens, Nigel Smart, Peggy Valcke, Pieter Maene, Sam Michiels, Stijn Volckaert, Svetla Nikova, Vincent Naessens, Vincent Rijmen, Wolfgang De Meuter, Wouter Castryck, Wouter Joosen Cybersecurity Initiative Flanders- Strategic Research Programme Page 2 | Introduction Cybersecurity Initiative Flanders - Strategic Research Programme 1. Introduction Context and Motivation: Cybersecurity, Challenge and Opportunity While the digital transformation has a strongly increasing and positive impact on our society and our economy, the lack of adequate cybersecurity in our systems, platforms and services can lead to major dangers, risks and problems. More and more information is being collected and analyzed, leading to significant efficiency gains and new applications. In cyber-physical systems, this results in far-reaching automation with, among other things, autonomous robots, cars and drones. The entire infrastructure of society is also being transformed; we get smarter cities (smart cities), smart transport systems (smart transport) and smart electricity grids (smart grids), smarter hospital facilities, etc. This transformation affects all sectors, both within the government (general policy, education and health, infrastructure, police, defense) and within the private industry: critical infrastructure, transport, manufacturing, financial sector, media, health sector.
    [Show full text]
  • To the Memory of Our Colleague and Friend Andreas Pfitzmann
    To the memory of our colleague and friend Andreas Pfitzmann The protection of people’s privacy was dear to Andreas’ heart. He was an inspiration to all of us, and many of the results presented in this book owe to him. Preface Publication is a self-invasion of privacy. Marshall McLuhan Individuals in the Information Society want to safeguard their autonomy and retain control over their personal information, irrespective of their activities. Information technologies generally do not consider those user requirements, thereby putting the privacy of the citizen at risk. At the same time, the Internet is changing from a client- server to a collaborative paradigm. Individuals are contributing throughout their life leaving a life-long trace of personal data. This raises substantial new privacy chal- lenges. Saving digital privacy. By 2008, the European project PRIME (Privacy and Identity Management for Europe) had demonstrated that existing privacy technologies can enable citizens to execute their legal rights to control their personal information in on-line transactions. It had raised considerable awareness amongst stakeholders and has significantly advanced the state of the art in the areas of privacy and identity management. PrimeLife has been building on the momentum created and the results achieved by PRIME to address emerging challenges in the areas of privacy and identity management and really bring privacy and identity management to live: A first, short-term goal of PrimeLife was to provide scalable and configurable • privacy and identity management in new and emerging internet services and ap- plications such as virtual communities and Web 2.0 collaborative applications.
    [Show full text]
  • Small Tcbs of Policy-Controlled Operating Systems
    Anja Pölck Small TCBs of Policy-controlled Operating Systems Small TCBs of Policy-controlled Operating Systems Anja Pölck Universitätsverlag Ilmenau 2014 Impressum Bibliografische Information der Deutschen Nationalbibliothek Die Deutsche Nationalbibliothek verzeichnet diese Publikation in der Deutschen Nationalbibliografie; detaillierte bibliografische Angaben sind im Internet über http://dnb.d-nb.de abrufbar. Diese Arbeit hat der Fakultät für Informatik und Automatisierung der Technischen Universität Ilmenau als Dissertation vorgelegen. Tag der Einreichung: 1. Juli 2013 1. Gutachter: Prof. Dr.-Ing. habil. Winfried E. Kühnhauser (Technische Universität Ilmenau) 2. Gutachter: Prof. Dr. Elisa Bertino (Purdue University, West Lafayette, Indiana, USA) 3. Gutachter: Prof. Dr.-Ing. habil Wolfgang Fengler (Technische Universität Ilmenau) Tag der Verteidigung: 19. Dezember 2013 Technische Universität Ilmenau/Universitätsbibliothek Universitätsverlag Ilmenau Postfach 10 05 65 98684 Ilmenau www.tu-ilmenau.de/universitaetsverlag Herstellung und Auslieferung Verlagshaus Monsenstein und Vannerdat OHG Am Hawerkamp 31 48155 Münster www.mv-verlag.de ISBN 978-3-86360-090-7 (Druckausgabe) URN urn:nbn:de:gbv:ilm1-2013000632 Titelphoto: photocase.com Abstract IT systems with advanced security requirements increasingly apply problem-specific security policies for describing, analyzing, and implementing security properties. Security policies are a vital part of a system’s trusted computing base (TCB). Hence, both correctness and tamper-proofness of a TCB’s implementation are essential for establishing, preserving, and guaranteeing a system’s security properties. Today’s operating systems often show that implementing security policies is a challenge; for more than forty years, they have provided only a rather elementary support for discretionary, identity-based access control policies. As a consequence, major parts of the applications’ security policies are implemented by the applications themselves, resulting in large, heteroge- neous, and distributed TCB implementations.
    [Show full text]
  • Bulletin EATCS
    1 1 ISSN 0252–9742 Bulletin of the European Association for Theoretical Computer Science EATCS E A T C S Number 98 June 2009 1 1 2 2 2 2 3 3 C E A T C S P:G A I V P:B M G D S U K P S G T:D J B B E:M S S L A I M M I K A T N M N D P-L C F C P F J D´ S D P I Z´ É H V S U K F F N Jˇ´ S C R G F. I I A T P J K¨ F W T G R E. L USA I W G J L T N E W S E M I G W¨ T N P P: M N (1972–1977)M P (1977–1979) A S (1979–1985)G R (1985–1994) W B (1994–1997)J D´ (1997–2002) M N (2002–2006) 3 3 4 4 EATCS C M Luca Aceto . [email protected] Giorgio Ausiello . [email protected] Krzysztof Apt . [email protected] Pierre-Louis Curien . [email protected] Josep Díaz . [email protected] Zoltán Ésik . [email protected] Fedor Fomin . [email protected] Giuseppe F. Italiano . [email protected] Dirk Janssens . [email protected] Juhani Karhumäki . [email protected] Richard E. Ladner . [email protected] Jan van Leeuwen . [email protected] Eugenio Moggi . [email protected] Burkhard Monien . [email protected] Madhavan Mukund .
    [Show full text]