Search

Your search keyword '"Lee, Adam J."' showing total 212 results
Start Over Author "Lee, Adam J."
212 results on '"Lee, Adam J."'

4. Effective Access Control in Shared-Operator Multi-tenant Data Stream Management Systems

Author

Zaki, Marian, Lee, Adam J., Chrysanthis, Panos K., Goos, Gerhard, Founding Editor, Hartmanis, Juris, Founding Editor, Bertino, Elisa, Editorial Board Member, Gao, Wen, Editorial Board Member, Steffen, Bernhard, Editorial Board Member, Woeginger, Gerhard, Editorial Board Member, Yung, Moti, Editorial Board Member, Singhal, Anoop, editor, and Vaidya, Jaideep, editor

Published
2020
Full Text
View/download PDF

5. On the Practicality of Cryptographically Enforcing Dynamic Access Control Policies in the Cloud (Extended Version)

Author

Garrison III, William C., Shull, Adam, Myers, Steven, and Lee, Adam J.

Subjects
Computer Science - Cryptography and Security
Abstract

The ability to enforce robust and dynamic access controls on cloud-hosted data while simultaneously ensuring confidentiality with respect to the cloud itself is a clear goal for many users and organizations. To this end, there has been much cryptographic research proposing the use of (hierarchical) identity-based encryption, attribute-based encryption, predicate encryption, functional encryption, and related technologies to perform robust and private access control on untrusted cloud providers. However, the vast majority of this work studies static models in which the access control policies being enforced do not change over time. This is contrary to the needs of most practical applications, which leverage dynamic data and/or policies. In this paper, we show that the cryptographic enforcement of dynamic access controls on untrusted platforms incurs computational costs that are likely prohibitive in practice. Specifically, we develop lightweight constructions for enforcing role-based access controls (i.e., $\mathsf{RBAC}_0$) over cloud-hosted files using identity-based and traditional public-key cryptography. This is done under a threat model as close as possible to the one assumed in the cryptographic literature. We prove the correctness of these constructions, and leverage real-world $\mathsf{RBAC}$ datasets and recent techniques developed by the access control community to experimentally analyze, via simulation, their associated computational costs. This analysis shows that supporting revocation, file updates, and other state change functionality is likely to incur prohibitive overheads in even minimally-dynamic, realistic scenarios. We identify a number of bottlenecks in such systems, and fruitful areas for future work that will lead to more natural and efficient constructions for the cryptographic enforcement of dynamic access controls., Comment: 26 pages; extended version of the IEEE S&P paper

Published
2016

7. Decomposing, Comparing, and Synthesizing Access Control Expressiveness Simulations (Extended Version)

Author

Garrison III, William C. and Lee, Adam J.

Subjects
Computer Science - Cryptography and Security
Abstract

Access control is fundamental to computer security, and has thus been the subject of extensive formal study. In particular, *relative expressiveness analysis* techniques have used formal mappings called *simulations* to explore whether one access control system is capable of emulating another, thereby comparing the expressive power of these systems. Unfortunately, the notions of expressiveness simulation that have been explored vary widely, which makes it difficult to compare results in the literature, and even leads to apparent contradictions between results. Furthermore, some notions of expressiveness simulation make use of non-determinism, and thus cannot be used to define mappings between access control systems that are useful in practical scenarios. In this work, we define the minimum set of properties for an *implementable* access control simulation; i.e., a deterministic "recipe" for using one system in place of another. We then define a wide range of properties spread across several dimensions that can be enforced on top of this minimum definition. These properties define a taxonomy that can be used to separate and compare existing notions of access control simulation, many of which were previously incomparable. We position existing notions of simulation within our properties lattice by formally proving each simulation's equivalence to a corresponding set of properties. Lastly, we take steps towards bridging the gap between theory and practice by exploring the systems implications of points within our properties lattice. This shows that relative expressive analysis is more than just a theoretical tool, and can also guide the choice of the most suitable access control system for a specific application or scenario., Comment: 24-page extended version of "Decomposing, Comparing, and Synthesizing Access Control Expressiveness Simulations"

Published
2015

8. Shoal: Query Optimization and Operator Placement for Access Controlled Stream Processing Systems

Author

Thoma, Cory, Labrinidis, Alexandros, Lee, Adam J., Hutchison, David, Editorial Board Member, Kanade, Takeo, Editorial Board Member, Kittler, Josef, Editorial Board Member, Kleinberg, Jon M., Editorial Board Member, Mattern, Friedemann, Editorial Board Member, Mitchell, John C., Editorial Board Member, Naor, Moni, Editorial Board Member, Pandu Rangan, C., Editorial Board Member, Steffen, Bernhard, Editorial Board Member, Terzopoulos, Demetri, Editorial Board Member, Tygar, Doug, Editorial Board Member, Goos, Gerhard, Founding Editor, Hartmanis, Juris, Founding Editor, and Foley, Simon N., editor

Published
2019
Full Text
View/download PDF

10. The Design and Demonstration of an Actor-Based, Application-Aware Access Control Evaluation Framework

Author

Garrison III, William C., Lee, Adam J., and Hinrichs, Timothy L.

Subjects
Computer Science - Cryptography and Security
Abstract

To date, most work regarding the formal analysis of access control schemes has focused on quantifying and comparing the expressive power of a set of schemes. Although expressive power is important, it is a property that exists in an absolute sense, detached from the application-specific context within which an access control scheme will ultimately be deployed. In this paper, by contrast, we formalize the access control suitability analysis problem, which seeks to evaluate the degree to which a set of candidate access control schemes can meet the needs of an application-specific workload. This process involves both reductions to assess whether a scheme is capable of implementing a workload, as well as cost analysis using ordered measures to quantify the overheads of using each candidate scheme to service the workload. We develop a mathematical framework for analyzing instances of the suitability analysis problem, and evaluate this framework both formally (by quantifying its efficiency and accuracy properties) and practically (by exploring a group-based messaging workload from the literature). An ancillary contribution of our work is the identification of auxiliary machines, which are a useful class of modifications that can be made to enhance the expressive power of an access control scheme without negatively impacting the safety properties of the scheme., Comment: 27-page extended version of "An Actor-Based, Application-Aware Access Control Evaluation Framework"

Published
2013

11. Ephemeral Communication and Communication Places : What Influences College-Aged Negotiation of Instant Messaging Usage Within App Ecosystems?

Author

Thomson, Lauren, Lee, Adam J., Farzan, Rosta, Hutchison, David, Series Editor, Kanade, Takeo, Series Editor, Kittler, Josef, Series Editor, Kleinberg, Jon M., Series Editor, Mattern, Friedemann, Series Editor, Mitchell, John C., Series Editor, Naor, Moni, Series Editor, Pandu Rangan, C., Series Editor, Steffen, Bernhard, Series Editor, Terzopoulos, Demetri, Series Editor, Tygar, Doug, Series Editor, Weikum, Gerhard, Series Editor, Chowdhury, Gobinda, editor, McLeod, Julie, editor, Gillet, Val, editor, and Willett, Peter, editor

Published
2018
Full Text
View/download PDF

13. Secured histories: computing group statistics on encrypted data while preserving individual privacy

Author

Rieffel, Eleanor, Biehl, Jacob, van Melle, William, and Lee, Adam J.

Subjects
Computer Science - Cryptography and Security, 94A60, H.3.4, D.4.6
Abstract

As sensors become ever more prevalent, more and more information will be collected about each of us. A longterm research question is how best to support beneficial uses while preserving individual privacy. Presence systems are an emerging class of applications that support collaboration. These systems leverage pervasive sensors to estimate end-user location, activities, and available communication channels. Because such presence data are sensitive, to achieve wide-spread adoption, sharing models must reflect the privacy and sharing preferences of the users. To reflect users' collaborative relationships and sharing desires, we introduce CollaPSE security, in which an individual has full access to her own data, a third party processes the data without learning anything about the data values, and users higher up in the hierarchy learn only statistical information about the employees under them. We describe simple schemes that efficiently realize CollaPSE security for time series data. We implemented these protocols using readily available cryptographic functions, and integrated the protocols with FXPAL's myUnity presence system., Comment: Technical aspects remain largely unchanged. Revised version gives greater emphasis to the application of these methods to presences systems that support workplace communication and collaboration. The writing is more succinct throughout: the revised version is 8 pages, plus references. The final version of this paper will be appear at SECOTS 2011 as "Secured histories for presence systems."

Published
2010

19. Bounding Trust under Uncertain Topology Information in Reputation-Based Trust Systems

Author

Gong, Xi, Yu, Ting, Lee, Adam J., Hutchison, David, editor, Kanade, Takeo, editor, Kittler, Josef, editor, Kleinberg, Jon M., editor, Mattern, Friedemann, editor, Mitchell, John C., editor, Naor, Moni, editor, Nierstrasz, Oscar, editor, Pandu Rangan, C., editor, Steffen, Bernhard, editor, Sudan, Madhu, editor, Terzopoulos, Demetri, editor, Tygar, Doug, editor, Vardi, Moshe Y., editor, Weikum, Gerhard, editor, Wang, Jianyong, editor, Xiong, Hui, editor, Ishikawa, Yoshiharu, editor, Xu, Jianliang, editor, and Zhou, Junfeng, editor

Published
2013
Full Text
View/download PDF

20. Policy Administration in Tag-Based Authorization

Author

Etalle, Sandro, Hinrichs, Timothy L., Lee, Adam J., Trivellato, Daniel, Zannone, Nicola, Hutchison, David, editor, Kanade, Takeo, editor, Kittler, Josef, editor, Kleinberg, Jon M., editor, Mattern, Friedemann, editor, Mitchell, John C., editor, Naor, Moni, editor, Nierstrasz, Oscar, editor, Pandu Rangan, C., editor, Steffen, Bernhard, editor, Sudan, Madhu, editor, Terzopoulos, Demetri, editor, Tygar, Doug, editor, Vardi, Moshe Y., editor, Weikum, Gerhard, editor, Garcia-Alfaro, Joaquin, editor, Cuppens, Frédéric, editor, Cuppens-Boulahia, Nora, editor, Miri, Ali, editor, and Tawbi, Nadia, editor

Published
2013
Full Text
View/download PDF

21. My Privacy Policy: Exploring End-user Specification of Free-form Location Access Rules

Author

Patil, Sameer, Le Gall, Yann, Lee, Adam J., Kapadia, Apu, Hutchison, David, editor, Kanade, Takeo, editor, Kittler, Josef, editor, Kleinberg, Jon M., editor, Mattern, Friedemann, editor, Mitchell, John C., editor, Naor, Moni, editor, Nierstrasz, Oscar, editor, Pandu Rangan, C., editor, Steffen, Bernhard, editor, Sudan, Madhu, editor, Terzopoulos, Demetri, editor, Tygar, Doug, editor, Vardi, Moshe Y., editor, Weikum, Gerhard, editor, Blyth, Jim, editor, Dietrich, Sven, editor, and Camp, L. Jean, editor

Published
2012
Full Text
View/download PDF

22. TBA : A Hybrid of Logic and Extensional Access Control Systems

Author

Hinrichs, Timothy L., Garrison, William C., III, Lee, Adam J., Saunders, Skip, Mitchell, John C., Hutchison, David, editor, Kanade, Takeo, editor, Kittler, Josef, editor, Kleinberg, Jon M., editor, Mattern, Friedemann, editor, Mitchell, John C., editor, Naor, Moni, editor, Nierstrasz, Oscar, editor, Pandu Rangan, C., editor, Steffen, Bernhard, editor, Sudan, Madhu, editor, Terzopoulos, Demetri, editor, Tygar, Doug, editor, Vardi, Moshe Y., editor, Weikum, Gerhard, editor, Barthe, Gilles, editor, Datta, Anupam, editor, and Etalle, Sandro, editor

Published
2012
Full Text
View/download PDF

23. Trust Management

Author

Wongchaowart, Brian, Lee, Adam J., van Tilborg, Henk C. A., editor, and Jajodia, Sushil, editor

Published
2011
Full Text
View/download PDF

24. Don’t Reveal My Intension: Protecting User Privacy Using Declarative Preferences during Distributed Query Processing

Author

Farnan, Nicholas L., Lee, Adam J., Chrysanthis, Panos K., Yu, Ting, Hutchison, David, Series editor, Kanade, Takeo, Series editor, Kittler, Josef, Series editor, Kleinberg, Jon M., Series editor, Mattern, Friedemann, Series editor, Mitchell, John C., Series editor, Naor, Moni, Series editor, Nierstrasz, Oscar, Series editor, Pandu Rangan, C., Series editor, Steffen, Bernhard, Series editor, Sudan, Madhu, Series editor, Terzopoulos, Demetri, Series editor, Tygar, Doug, Series editor, Vardi, Moshe Y., Series editor, Weikum, Gerhard, Series editor, Atluri, Vijay, editor, and Diaz, Claudia, editor

Published
2011
Full Text
View/download PDF

31. Traust: A Trust Negotiation Based Authorization Service

Author

Lee, Adam J., Winslett, Marianne, Basney, Jim, Welch, Von, Hutchison, David, Series editor, Kanade, Takeo, Series editor, Kittler, Josef, Series editor, Kleinberg, Jon M., Series editor, Mattern, Friedemann, Series editor, Mitchell, John C., Series editor, Naor, Moni, Series editor, Nierstrasz, Oscar, Series editor, Pandu Rangan, C., Series editor, Steffen, Bernhard, Series editor, Sudan, Madhu, Series editor, Terzopoulos, Demetri, Series editor, Tygar, Dough, Series editor, Vardi, Moshe Y., Series editor, Weikum, Gerhard, Series editor, Stølen, Ketil, editor, Winsborough, William H., editor, Martinelli, Fabio, editor, and Massacci, Fabio, editor

Published
2006
Full Text
View/download PDF

32. Virtual Fingerprinting as a Foundation for Reputation in Open Systems

Author

Lee, Adam J., Winslett, Marianne, Hutchison, David, Series editor, Kanade, Takeo, Series editor, Kittler, Josef, Series editor, Kleinberg, Jon M., Series editor, Mattern, Friedemann, Series editor, Mitchell, John C., Series editor, Naor, Moni, Series editor, Nierstrasz, Oscar, Series editor, Pandu Rangan, C., Series editor, Steffen, Bernhard, Series editor, Sudan, Madhu, Series editor, Terzopoulos, Demetri, Series editor, Tygar, Dough, Series editor, Vardi, Moshe Y., Series editor, Weikum, Gerhard, Series editor, Stølen, Ketil, editor, Winsborough, William H., editor, Martinelli, Fabio, editor, and Massacci, Fabio, editor

Published
2006
Full Text
View/download PDF

33. Supporting Dynamically Changing Authorizations in Pervasive Communication Systems

Author

Lee, Adam J., Boyer, Jodie P., Drexelius, Chris, Naldurg, Prasad, Hill, Raquel L., Campbell, Roy H., Hutchison, David, editor, Kanade, Takeo, editor, Kittler, Josef, editor, Kleinberg, Jon M., editor, Mattern, Friedemann, editor, Mitchell, John C., editor, Naor, Moni, editor, Nierstrasz, Oscar, editor, Pandu Rangan, C., editor, Steffen, Bernhard, editor, Sudan, Madhu, editor, Terzopoulos, Demetri, editor, Tygar, Dough, editor, Vardi, Moshe Y., editor, Weikum, Gerhard, editor, Hutter, Dieter, editor, and Ullmann, Markus, editor

Published
2005
Full Text
View/download PDF

44. Tangible Privacy

Author

Ahmad, Imtiaz, primary, Farzan, Rosta, additional, Kapadia, Apu, additional, and Lee, Adam J., additional

Published
2020
Full Text
View/download PDF

49. Formal Modelling and Automated Trade-off Analysis of Enforcement Architectures for Cryptographic Access Control in the Cloud.

Author

BERLATO, STEFANO, CARBONE, ROBERTO, LEE, ADAM J., and RANISE, SILVIO

Subjects
LAW enforcement, CRYPTOGRAPHY, CLOUD computing, ARCHITECTURE, DEPLOYMENT (Military strategy)
Abstract

To facilitate the adoption of cloud by organizations, Cryptographic Access Control (CAC) is the obvious solution to control data sharing among users while preventing partially trusted Cloud Service Providers (CSP) from accessing sensitive data. Indeed, several CAC schemes have been proposed in the literature. Despite their differences, available solutions are based on a common set of entities—e.g., a data storage service or a proxy mediating the access of users to encrypted data—that operate in different (security) domains—e.g., on-premise or the CSP. However, the majority of these CAC schemes assumes a fixed assignment of entities to domains; this has security and usability implications that are not made explicit and can make inappropriate the use of a CAC scheme in certain scenarios with specific trust assumptions and requirements. For instance, assuming that the proxy runs at the premises of the organization avoids the vendor lock-in effect but may give rise to other security concerns (e.g., malicious insiders attackers). To the best of our knowledge, no previous work considers how to select the best possible architecture (i.e., the assignment of entities to domains) to deploy a CAC scheme for the trust assumptions and requirements of a given scenario. In this article, we propose a methodology to assist administrators in exploring different architectures for the enforcement of CAC schemes in a given scenario. We do this by identifying the possible architectures underlying the CAC schemes available in the literature and formalizing them in simple set theory. This allows us to reduce the problem of selecting the most suitable architectures satisfying a heterogeneous set of trust assumptions and requirements arising from the considered scenario to a decidable Multi-objective Combinatorial Optimization Problem (MOCOP) for which state-of-the-art solvers can be invoked. Finally, we show how we use the capability of solving the MOCOP to build a prototype tool assisting administrators to preliminarily perform a “What-if” analysis to explore the trade-offs among the various architectures and then use available standards and tools (such as TOSCA and Cloudify) for automated deployment in multiple CSPs. [ABSTRACT FROM AUTHOR]

Published
2022
Full Text
View/download PDF

Catalog

Books, media, physical & digital resources
See catalog results