
Complete Authorization

Given a solution to complete mediation, the problem of verifying complete authorization is straightforward, but finding the requirements is difficult. Each controlled operation requires prior mediation for a set of authorization requirements. The verification problem is to ensure that those requirements have been satisfied on all paths to that controlled operation. In this case, multiple security checks may be required (and thus, multiple authorizing functions), but the overall mechanism is basically the same: we need to ensure that the set of authorizing functions that provide the necessary security checks occurs between the initializing function and the controlling function on every such path.
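The path condition above can be checked with a forward dataflow analysis over a control-flow graph whose meet operator is set intersection: a requirement counts as satisfied at a node only if an authorizing function for it appears on every path from the initializing function, and an initializing function resets the satisfied set to empty. The following is an added illustration written for this page, not the paper's CQUAL-based analysis and not the authors' code; the graph model (node kinds `init`, `auth`, `ctrl`, `plain`) and the sample graph are constructed for the example. It goes slightly beyond the text in that it handles any number of required checks per controlled operation and loops in the graph.

```python
"""Added example: verify complete authorization over a constructed CFG.

Each node is (kind, ...) where kind is one of:
  ("init",)               initializing function: nothing is authorized yet
  ("auth", frozenset)     authorizing function satisfying the named requirements
  ("ctrl", frozenset)     controlled operation requiring the named checks
  ("plain",)              any other statement
The CFG maps a node name to (node, list of successor names).
"""


def predecessors(cfg):
    """Invert the successor lists once so the dataflow loop can meet over them."""
    preds = {name: [] for name in cfg}
    for name, (_, succs) in cfg.items():
        for succ in succs:
            preds[succ].append(name)
    return preds


def transfer(node, incoming):
    """State after executing one node, given the checks satisfied before it."""
    kind = node[0]
    if kind == "init":
        return frozenset()            # fresh object: earlier checks no longer apply
    if kind == "auth":
        return incoming | node[1]     # this check now holds on the current path
    return incoming                   # ctrl and plain nodes leave the state alone


def analyze(cfg, entry):
    """Forward dataflow to a fixed point.

    Returns, for each node, the requirements satisfied on *every* path from entry
    (None for nodes no path reaches).  Meet over predecessors is intersection,
    so a check missing on any single path is dropped; loops terminate because
    states only ever shrink from the universe of all requirements.
    """
    preds = predecessors(cfg)
    universe = frozenset().union(
        *(node[1] for node, _ in cfg.values() if node[0] in ("auth", "ctrl")))
    state = {name: None for name in cfg}
    changed = True
    while changed:
        changed = False
        for name, (node, _) in cfg.items():
            if name == entry:
                incoming = frozenset()
            else:
                reached = [state[p] for p in preds[name] if state[p] is not None]
                if not reached:
                    continue          # unreachable so far; revisit on a later pass
                incoming = universe
                for s in reached:
                    incoming &= s
            new_state = transfer(node, incoming)
            if new_state != state[name]:
                state[name] = new_state
                changed = True
    return state


def check_complete_authorization(cfg, entry):
    """Map each controlled operation to the checks some path reaches it without."""
    state = analyze(cfg, entry)
    violations = {}
    for name, (node, _) in cfg.items():
        if node[0] == "ctrl" and state[name] is not None:
            missing = node[1] - state[name]
            if missing:
                violations[name] = missing
    return violations


# Constructed sample graph (not from the paper): one branch performs both the
# READ and WRITE checks, the other only READ; the object is then re-obtained
# (a second initializing function) before another read without a new check.
SAMPLE_CFG = {
    "entry":         (("plain",), ["lookup"]),
    "lookup":        (("init",), ["branch"]),
    "branch":        (("plain",), ["check_read_a", "check_read_b"]),
    "check_read_a":  (("auth", frozenset({"READ"})), ["check_write_a"]),
    "check_write_a": (("auth", frozenset({"WRITE"})), ["join"]),
    "check_read_b":  (("auth", frozenset({"READ"})), ["join"]),
    "join":          (("plain",), ["op_read", "op_write"]),
    "op_read":       (("ctrl", frozenset({"READ"})), ["relookup"]),
    "op_write":      (("ctrl", frozenset({"READ", "WRITE"})), ["done"]),
    "relookup":      (("init",), ["op_read2"]),
    "op_read2":      (("ctrl", frozenset({"READ"})), ["done"]),
    "done":          (("plain",), []),
}

if __name__ == "__main__":
    for op, missing in check_complete_authorization(SAMPLE_CFG, "entry").items():
        print(f"{op}: reachable without {sorted(missing)}")
```

On the sample graph `op_read` passes (both branches check READ), `op_write` is flagged for the missing WRITE check on the second branch, and `op_read2` is flagged because `relookup` re-initializes the object and no authorizing function follows it. Adding the missing check to the offending branch clears the first violation, which is the same kind of hook placement fix the paper's analysis is meant to drive.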

Collection of the authorization requirements for the controlled operations is the more complex task. Our runtime analysis tool [6] enables determination of the authorization requirements of controlled operations, so rather than developing a new analysis tool, we use our runtime results to find the authorization requirements.



Catherine Zhang 2002-05-13