A Proof-Carrying File System With Revocable and Use-Once Certificates
The authors present the design and implementation of a file system which allows authorizations dependent on revocable and use-once policy certificates. Authorizations require explicit proof objects, combining ideas from previous authorization logics and Girard's linear logic. Use-once certificates and revocations lists are maintained in a database that is consulted during file access. Experimental results demonstrate that the overhead of using the database is not significant in practice. In the past decade, Proof-Carrying Authorization (PCA) has emerged as a promising, open-ended architecture for rigorous enforcement of authorization policies.