|Search Duke CS||
SAFE addresses this challenge by (i) proposing a distributed authenticated data repository for storing the credentials and policies; (ii) introducing a programmable credential discovery and assembly layer that generates the appropriate tailored context for a given request. The authenticated data repository is built upon a scalable key-value store with its contents named by secure identifiers and certified by the issuing principal. The SAFE language provides scripting primitives to generate and organize logic sets representing credentials and policies, materialize the logic sets as certificates, and link them to reflect delegation patterns in the application. The authorizer fetches the logic sets on demand, then validates and caches them locally for further use. Upon each request, the authorizer constructs the tailored proof context and provides it to the SAFE inference for certified validation. Delegation-driven credential linking with certified data distribution provides flexible and dynamic policy control within an agile security and trust infrastructure.
We evaluated SAFE by using it to build example applications based on case studies drawn from practice: (i) a secure name service similar to DNS that resolves names across multi-domain federated systems; (ii) a secure proxy shim to support rich access control in a key-value store; (iii) an authorization module for a networked infrastructure-as-a-service system with a federated trust structure (NSF GENI architecture); and (iv) authorization rules for a secure cooperative data analytics service that enables computation on sensitive data in compliance with secrecy constraints. We present empirical evaluation based on these case studies.