authorization yuri gurevich with andreas blass michal
play

Authorization Yuri Gurevich with Andreas Blass, Michal Moskal, Itay - PowerPoint PPT Presentation

Jan 22, 2024 •367 likes •741 views

Evidential Authorization Yuri Gurevich with Andreas Blass, Michal Moskal, Itay Neeman Future of Software Engineering, Zurich, Nov 2010 1 1 The future aint what it used to be. Yogi Berra 2 MOTIVATION Drawings by Hava Gurevich 3

  1. Evidential Authorization Yuri Gurevich with Andreas Blass, Michal Moskal, Itay Neeman Future of Software Engineering, Zurich, Nov 2010 1 1

  2. “The future ain’t what it used to be.” Yogi Berra 2

  3. § MOTIVATION Drawings by Hava Gurevich 3

  4. You manage a public cloud Attracting fat customers The security problem A glorified blob store? The promise of cryptography The mystery of the world of brick and mortar 4

  5. Example: Commerce An involved support system  Banks issue letters of credit  Insurance companies underwrite the transactions and transportation  ... Numerous policies are enforced. 5

  6. Another example: Clinical trials Here are some actors in that drama: Trial organizer  CRO = Contract Research Organization = Clinical Research Organization Trial sites  University hospitals for example. Physicians, also lab technicians, auditors, etc. 6

  7. Yet another example Compliance 7

  8. Lifting to the cloud In the case of a clinical trial, we’d like that all patient info is (properly guarded) in the cloud.  There will be another actor: Policies must high level.  To allow comprehension and reasoning . Policies must be stated formally.  To allow automation . Cryptography is indispensible in enforcing policies but first we need a policy language 8

  9. Enter DKAL Distributed Knowledge Authorization Language was created with such applications in mind. It required foundational logic investigation. It is in the process of tech transfer. 9

  10. § PROBLEM 10

  11. Authorization used to be simple The authorization matrix  ACLs vs. the capability model Problems  Groups, exceptions and combinations of such  From ACL’s to policies  Security, in particular privacy  Federated scenarious 11

  12. Authz is only a tip of the policy iceberg Security policies beyond permit/deny  “Change you password every 6 weeks.” Policies beyond typical security  “The physician will not see you before you fill the questionnaire.”  Attire: business casual Organizations, including governments, are drowning in policies, laws, regulations, etc. 12

  13. Engineering solutions Decentralized and imperative XACML XrML and weak in the semantics department 13

  14. Logic-based solutions centralized and declarative Principal Principal Engine Principal Principal Principal 14

  15. How to bridge the gap? There is a genuine tension between logic and federated scenarios. Logic is centralized and declarative. Federated scenarios are decentralized and imperative. 15

  16. § RELATIVITY 16

  17. Infons Real world statements are rarely true or false. Turning right on red light is legal. 1. This picture is beautiful. Haggis is edible. 2. In case 1, as in relativity theory, the value (in this case the truth value) depends on observer’s place. In case 2, the truth value may be ill-defined even for observers. Forget about truth values and treat statements as pieces of information, infons. It is not about whether the infon is true or false; it is about which parties know the infon and which don’t. 17

  18. Infon logic Infon logic happens to be a conservative extension of well-known constructive (aka intuitionistic) logic. The extension is by means of connectives “p said x” and “p implied x”. (The first is essentially a special case of the second; we’ll return to the issue.) “P is trusted on saying x” abbreviates “(P said x)  x”. And similarly for implying x. 18

  19. Knowledge vs. information Plato’s Theaetetus Infon logic is sort of an information theory. So called epistemic logics are really about information as well. Infon logic is not an intuitionistic version of known knowledge logics. There you have “Yuri knows that Bertrand knows x”. But Yuri only knows what Bertrand said or implied. Knowledge remains informal. The omniscience paradox 19

  20. Algorithmics Primal infon logic The linear-time decision procedure 20

  21. § FEDERATION 21

  22. Communicating principals The DKAL world consists of communicating principals. There is nothing else. Principals live in their own states, control their privacy and compute their knowledge. 22

  23. The state of a principal Conceptually state = substrate + infostrate. The substrate is a database (or a collection of such). For example, the substrate of a trial organizer may contain, for each trial, a relation where each row is an actual or potential trial site. 23

  24. Infostrate Knowledge assertions  These are infons (syntactically, infon formulas) Communication rules Filters 24

  25. What does principal know? 1. Knowledge assertions  He may have some knowledge assertions from birth  An incoming message may result in a new knowledge assertion.  Assertions may be deleted. 2. Results of infon-logic deductions from his valid assertions. 25

  26. Remarks It is not necessary that every principal speaks DKAL.  Guido’s work on DKAL adjudication engine for XACML. Having communication in the language facilitates analysis of multiple policies. 26

  27. § COMMUNICATION 27

  28. Declarative is too narrow This is really a separate lecture. Declarative vs. high-level The EU suit against Microsoft 28

  29. Communication rules if premise then send [justified] to recipient content Here premise and content are infon formulas and recipient is a term. How does it work? 29

  30. One abbreviation if premise then say [justified] to recipient content for if premise then send [justified] to recipient sender said content 30

  31. Most fascinating is a feature that would make any journalist tremble. Tuyuca requires verb-endings to show how the speaker knows something. Diga ape-wi means “the boy played soccer (I saw him)”. Diga ape-hiyi means “the boy played soccer (I assume)”. English can provide such information, but for Tuyuca that is obligatory. ---The Economist, January 1, 2010 (slightly simplified) § EVIDENTIAL DKAL 31

  32. Simple justifications of principal A If ϕ has the form (A said α ) or β  (A implied α ), then a cryptographic signature of principal A under (a strong hash of) the ϕ is a justification for ϕ . (The first is essentially the special case of the second.) 32

  33. Composite justifications of A A justification for an arbitrary infon formula ϕ is a derivation of ϕ in infon logic from simple justifications, and axioms of shared theories e.g. arithmetic. 33

  34. § CLINICAL TRIALS 34

  35. To demo or not to demo The demo requires internet connection (to use an SQL engine in the cloud), time. 35

  36. Instead of the demo Org Site KeyMgr Phys ... … Site Phys 36

Download Presentation
Download Policy: The content available on the website is offered to you 'AS IS' for your personal information and use only. It cannot be commercialized, licensed, or distributed on other websites without prior consent from the author. To download a presentation, simply click this link. If you encounter any difficulties during the download process, it's possible that the publisher has removed the file from their server.

Recommend

Impugning Alleged Randomness Yuri Gurevich Guanajuato, Nov 13, 2014 1 impugn ( mpjun )

Impugning Alleged Randomness Yuri Gurevich Guanajuato, Nov 13, 2014 1 impugn ( mpjun )

Impugning Alleged Randomness Yuri Gurevich Guanajuato, Nov 13, 2014 1 impugn ( mpjun ) vb ( tr ) to challenge or attack as false; assail; criticize from Old French impugner, from Latin impugnre to fight against, attack, from im- +

493 views • 30 slides
Impugning Alleged Randomness Yuri Gurevich Tallinn, April 28, 2014 1 impugn ( mpjun )

Impugning Alleged Randomness Yuri Gurevich Tallinn, April 28, 2014 1 impugn ( mpjun )

Impugning Alleged Randomness Yuri Gurevich Tallinn, April 28, 2014 1 impugn ( mpjun ) vb ( tr ) to challenge or attack as false; assail; criticize from Old French impugner, from Latin impugnre to fight against, attack, from im- +

577 views • 41 slides
can be done in linear time? Yuri Gurevich Tallinn, April 29, 2014 Agenda 1. What linear time?

can be done in linear time? Yuri Gurevich Tallinn, April 29, 2014 Agenda 1. What linear time?

What, if anything, can be done in linear time? Yuri Gurevich Tallinn, April 29, 2014 Agenda 1. What linear time? Why linear time? 2. Propositional primal infon logic 3. A linear time decision algorithm 4. Extensions with 1. Disjunction 2.

632 views • 48 slides
Proving Churchs Thesis Nachum Dershowitz w/ Yuri Gurevich What is the thesis? Churchs

Proving Churchs Thesis Nachum Dershowitz w/ Yuri Gurevich What is the thesis? Churchs

Proving Churchs Thesis Nachum Dershowitz w/ Yuri Gurevich What is the thesis? Churchs Thesis (1936) Recursive functions capture effective computability Recursive Functions Partial functions on natural numbers Initial

1.69k views • 145 slides
Remote delivery of postgraduate-level courses http://maths-magic.ac.uk/ Yuri Bazlov Yuri Bazlov

Remote delivery of postgraduate-level courses http://maths-magic.ac.uk/ Yuri Bazlov Yuri Bazlov

Yuri Bazlov Yuri Bazlov Yuri Bazlov Yuri Bazlov Yuri Bazlov Yuri Bazlov Yuri Bazlov Yuri Bazlov Yuri Bazlov Yuri Bazlov Yuri Bazlov Yuri Bazlov yuri.bazlov@manchester.ac.uk yuri.bazlov@manchester.ac.uk yuri.bazlov@manchester.ac.uk

226 views • 9 slides
Metafinite Model Theory Erich Grdel joint work with Yuri Gurevich (once upon a time . . . )

Metafinite Model Theory Erich Grdel joint work with Yuri Gurevich (once upon a time . . . )

Metafinite Model Theory Erich Grdel joint work with Yuri Gurevich (once upon a time . . . ) Erich Grdel Metafinite Model Theory Finite model theory versus computability Fundamental difference between logic and classical algorithmic

882 views • 38 slides
Ultrafilters and Set Theory Andreas Blass University of Michigan Ann Arbor, MI 48109

Ultrafilters and Set Theory Andreas Blass University of Michigan Ann Arbor, MI 48109

Ultrafilters and Set Theory Andreas Blass University of Michigan Ann Arbor, MI 48109 ablass@umich.edu Ultrafilters and Set Theory Ultrafilters and Set Theory But not large cardinals (Itay Neeman) Ultrafilters and Set Theory But not

1.13k views • 82 slides
LOGIC OF GAMES Andreas Blass University of Michigan Ann Arbor, MI 48109 ablass@umich.edu Games

LOGIC OF GAMES Andreas Blass University of Michigan Ann Arbor, MI 48109 ablass@umich.edu Games

LOGIC OF GAMES Andreas Blass University of Michigan Ann Arbor, MI 48109 ablass@umich.edu Games in Logic Games in Logic Two main sorts of logical games. Games in Logic Two main sorts of logical games. (1) Truth of formulas in a structure is

946 views • 69 slides
Branching laws for non-generic representations Max Gurevich National University of Singapore

Branching laws for non-generic representations Max Gurevich National University of Singapore

Restriction Problem Categorical equivalences On unique irreducible quotients Branching laws for non-generic representations Max Gurevich National University of Singapore June 2018, Catholic University of America, Washington, DC Max Gurevich

758 views • 60 slides
Cofinality of classes of ideals with respect to Kat etov and Kat etov-Blass orders Hiroshi

Cofinality of classes of ideals with respect to Kat etov and Kat etov-Blass orders Hiroshi

Cofinality of classes of ideals with respect to Kat etov and Kat etov-Blass orders Hiroshi Sakai (joint with Hiroaki Minami) Kobe University CTFM2015 September 11, 2015 H. Sakai (Kobe) Cofinality of Katetov(-Blass) order CTFM2015 1

470 views • 20 slides
Authorization the permission or power given to sb to do sth: enter a security area without

Authorization the permission or power given to sb to do sth: enter a security area without

Authorization the permission or power given to sb to do sth: enter a security area without authorization Authorization in Oxford Advanced Learner's Dictionary Object-oriented Databases authorization is the concept of allowing

70 views • 6 slides
Spirit Michal Vaner (michal.vaner@avast.com) 1 / 3 About me Michal Vaner

Spirit Michal Vaner (michal.vaner@avast.com) 1 / 3 About me Michal Vaner

Spirit Michal Vaner (michal.vaner@avast.com) 1 / 3 About me Michal Vaner https://github.com/vorner Work in Avast Rust Evangelist Spirit 2 / 3 Spirit Applications contain meat and boilerplate Spirit helps with the boilerplate

408 views • 3 slides
Authorization We will use the terms authorization and access control interchangeably

Authorization We will use the terms authorization and access control interchangeably

Authorization We will use the terms authorization and access control interchangeably Authorization answers the question who is allowed to do what ? A first step in the development of an access control system is the

651 views • 53 slides
1 Travel Authorization and Expense Process 1. Introduction 2. Travel Authorization 3. Travel

1 Travel Authorization and Expense Process 1. Introduction 2. Travel Authorization 3. Travel

1 Travel Authorization and Expense Process 1. Introduction 2. Travel Authorization 3. Travel Expense 4. Travel Regulations 2 Travel Authorization (See Next Slide for Detailed Steps) 2. Trip Information goes here 1. Budgetary Coding goes

319 views • 11 slides
Operator and end user performance Michal Ptacin Michal Ptacin 20.5.2005 T-110.456 1

Operator and end user performance Michal Ptacin Michal Ptacin 20.5.2005 T-110.456 1

Operator and end user performance Michal Ptacin Michal Ptacin 20.5.2005 T-110.456 1 Agenda What GSM and UMTS provide for the end user HSDPA Conclusions and expectations Michal Ptacin 20.5.2005 T-110.456 2 Evolution of

396 views • 17 slides
Presenting: Michal Paszkowski Research: Michal Paszkowski, Radoslaw Drabinski Special thanks to:

Presenting: Michal Paszkowski Research: Michal Paszkowski, Radoslaw Drabinski Special thanks to:

Presenting: Michal Paszkowski Research: Michal Paszkowski, Radoslaw Drabinski Special thanks to: Julia Koval It is all about the semantic differences! Desired Semantics Instruction order Value names Distracting Basic Block

662 views • 40 slides
Chapter18 Learning from Observations Sec. 1 - 3 20070607 Chap18 1 Learning Essential for

Chapter18 Learning from Observations Sec. 1 - 3 20070607 Chap18 1 Learning Essential for

Chapter18 Learning from Observations Sec. 1 - 3 20070607 Chap18 1 Learning Essential for unknown environments. i.e. when designer lacks omniscience Learning modifies the agents decision mechanisms to improve performance

446 views • 12 slides
Conclusion Franois Schwarzentruber cole Normale Suprieure Rennes August 6, 2019 1 / 18

Conclusion Franois Schwarzentruber cole Normale Suprieure Rennes August 6, 2019 1 / 18

Conclusion Topics not covered Perspectives Conclusion Franois Schwarzentruber cole Normale Suprieure Rennes August 6, 2019 1 / 18 Conclusion Topics not covered Perspectives Outline Conclusion 1 2 Topics not covered 3

526 views • 18 slides
The Legitimacy of Inference: Argumentation Strategy in rtis Ratnak Ivaras

The Legitimacy of Inference: Argumentation Strategy in rtis Ratnak Ivaras

The Legitimacy of Inference: Argumentation Strategy in rtis Ratnak Ivaras adhanad us .an . am Sara L. Uckelman s.l.uckelman@durham.ac.uk @SaraLUckelman 02 December 2015 Sara L. Uckelman Argumentation Strategy 02 Dec 2015

322 views • 19 slides
Youve Got Mail! A Series of Messages Based On the

Youve Got Mail! A Series of Messages Based On the

2/2/15 Youve Got Mail! A Series of Messages Based On the Le8ers to the Seven Churches Of Revela?on Meet the Sender (Part 1)

448 views • 11 slides
AI TEAMMATES PUT THE PLAYER BACK AT THE CENTER OF OUR FRIENDLY AI BEHAVIOR PLAN Context

AI TEAMMATES PUT THE PLAYER BACK AT THE CENTER OF OUR FRIENDLY AI BEHAVIOR PLAN Context

AI TEAMMATES PUT THE PLAYER BACK AT THE CENTER OF OUR FRIENDLY AI BEHAVIOR PLAN Context Architecture Teammates join the action without stealing the limelight away from the player 1 Follow Fight They react to their surroundings and to the

721 views • 39 slides
Justification Logic Who? Natalia Kotsani - based on the work of S. Artemov (The Logic of

Justification Logic Who? Natalia Kotsani - based on the work of S. Artemov (The Logic of

Justification Logic Who? Natalia Kotsani - based on the work of S. Artemov (The Logic of Justification, 2008) When? 24 October 2012 Table of contents 1. Introduction An example What is Justification Logic Why Justification Logic

392 views • 20 slides
Lecture 2: Intelligent Agents Prof. Julia Hockenmaier juliahmr@illinois.edu

Lecture 2: Intelligent Agents Prof. Julia Hockenmaier juliahmr@illinois.edu

CS440/ECE448: Intro to Artificial Intelligence Lecture 2: Intelligent Agents Prof. Julia Hockenmaier juliahmr@illinois.edu http://cs.illinois.edu/fa11/cs440 Key concepts from last lecture Last time s

436 views • 40 slides
Compact, totally separated and well-ordered types in univalent mathematics Mart n H otzel

Compact, totally separated and well-ordered types in univalent mathematics Mart n H otzel

Compact, totally separated and well-ordered types in univalent mathematics Mart n H otzel Escard o University of Birmingham, UK Mathematical Logic and Constructivity: The Scope and Limits of Neutral Constructivism Department of

505 views • 22 slides

More recommend