Mahesh V. Tripunitara

Separation of Duty (SoD) is widely considered to be a fundamental principle in computer security. A Static SoD (SSoD) policy states that in order to have all permissions necessary to complete a sensitive task, the cooperation of at least a certain number of users is required. In Role-Based Access Control (RBAC), Statically Mutually Exclusive Role (SMER) …
Delegation is often used in administrative models for Role-Based Access Control (RBAC) systems to decentralize administration tasks. While the use of delegation greatly enhances flexibility and scalability, it may reduce the control that an organization has over its resources, thereby diminishing a major advantage RBAC has over Discretionary Access …
Comparing the expressive power of access control models is recognized as a fundamental problem in computer security. While such comparisons are generally based on simulations between different access control schemes, the definitions for simulations that are used in the literature are informal, and make it impossible to put results and claims about the …
Specifying and managing access control policies is a challenging problem. We propose to develop formal verification techniques for access control policies to improve the current state of the art of policy specification and management. In this paper, we formalize classes of security analysis problems in the context of role-based access control. We show that …
Circuit camouflaging is a recently proposed defense mechanism to protect digital integrated circuits (ICs) from reverse engineering attacks by using camouflaged gates, i.e., logic gates whose functionality cannot be precisely determined by the attacker. Recent work appears to establish that an attacker requires time that is exponential in the number of …
The fabrication of digital Integrated Circuits (ICs) is increasingly outsourced. Given this trend, security is recognized as an important issue. The threat agent is an attacker at the IC foundry that has information about the circuit and inserts covert, malicious circuitry. The use of 3D IC technology has been suggested as a possible technique to counter …
An apparently prevailing myth is that safety is undecidable in discretionary access control (DAC); therefore, one needs to invent new DAC schemes in which safety analysis is decidable. In this paper we dispel this myth. We argue that DAC should not be equated with the Harrison-Ruzzo-Ullman (1976) access matrix scheme, in which safety is undecidable. We …
Verifying that access-control systems maintain desired security properties is recognized as an important problem in security. Enterprise access-control systems have grown to protect tens of thousands of resources, and there is a need for verification to scale commensurately. We present a new abstraction-refinement technique for automatically finding errors …
We introduce the notion of resiliency policies in the context of access control systems. Such policies require an access control system to be resilient to the absence of users. An example resiliency policy requires that upon removal of any s users, there should still exist d disjoint sets of users such that the users in each set together …
Comparing the expressive power of access control models is recognized as a fundamental problem in computer security. Such comparisons are generally based on simulations between different access control schemes. However, the definitions for simulations that are used in the literature make it impossible to put results and claims about the expressive power of …