Medina: Combining Evidence to Build Trust

Security mechanisms require °exibility to accommodate the frailties of the imperfect people that use them. For example, password systems typically allow users who forget their passwords to reset their password after passing some other test. More gen-

erally, many human decisions of trust are based on weighing a preponderance of evidence in an ad hoc fashion. We present Medina, an authentication system based on combining various forms of evidence in a computational framework. Medina assumes that

all authorization decisions are based on weighing a variety of evidence and brings elements of security (such as what happens when someone forgets their

password) into a computational framework. Medina also allows for a range of access control policies that are less strict and/or more °exible than traditional

security mechanisms.

10.1.1.111.9345.pdf
PDF file

In  Web 2.0 Security and Privacy, in conjunction with IEEE Symposium on Security and Privacy

Details

TypeInproceedings
> Publications > Medina: Combining Evidence to Build Trust