The Grey Project

Co-leads: Lujo Bauer and Mike Reiter

The Grey project is an experiment to create a universal and highly secure access-control system via a smartphone app. Grey builds from formal techniques for proving authorization that assure sound access decisions and that permit virtually unlimited flexibility in the policies that can be implemented.

Grey has been used to provide access to physical space, computer logins, and web applications. Grey has been deployed since 2005 in parts of the Collaborative Innovation Center on CMU's campus and is currently in regular use by 50+ people and provides secure access to 40+ office and lab spaces.


Demo video

Publications

Toward strong, usable access control for shared distributed data.   [BibTeX, talk video]
Michelle L. Mazurek, Yuan Liang, William Melicher, Manya Sleeper, Lujo Bauer, Gregory R. Ganger, Nitin Gupta, and Michael K. Reiter.
In Proceedings of the 12th USENIX Conference on File and Storage Technologies (FAST '14), February 2014. USENIX.

Discovering access-control misconfigurations: New approaches and evaluation methodologies.   [BibTeX]
Lujo Bauer, Yuan Liang, Michael K. Reiter, and Chad Spensky.
In CODASPY'12: Proceedings of the Second ACM Conference on Data and Application Security and Privacy, February 2012. © ACM  DOI:10.1145/2133601.2133613

Detecting and resolving policy misconfigurations in access-control systems.   [BibTeX]
Lujo Bauer, Scott Garriss and Michael K. Reiter.
ACM Transactions on Information and System Security, 14(1), May 2011. ACM. © ACM  DOI:10.1145/1952982.1952984

Detecting and resolving policy misconfigurations in access-control systems.   [BibTeX]
Lujo Bauer, Scott Garriss and Michael K. Reiter.
In Proceedings of the 13th ACM Symposium on Access Control Models and Technologies, pages 185–194, June 2008. ACM. © ACM  DOI:10.1145/1377836.1377866

A user study of policy creation in a flexible access-control system.   [BibTeX]
Lujo Bauer, Lorrie Cranor, Robert W. Reeder, Michael K. Reiter, and Kami Vaniea.
In CHI 2008: Conference on Human Factors in Computing Systems, pages 543–552, April 2008. ACM. © ACM  DOI:10.1145/1357054.1357143

Efficient proving for practical distributed access-control systems.   [BibTeX]
Lujo Bauer, Scott Garriss and Michael K. Reiter.
In Computer Security—ESORICS 2007: 12th European Symposium on Research in Computer Security, volume 4734 of Lecture Notes in Computer Science, pages 19–37, September 2007. Springer. (Full version appears as technical report CMU-CyLab-06-015R.) © Springer-Verlag  DOI:10.1007/978-3-540-74835-9_3

Lessons learned from the deployment of a smartphone-based access-control system.   [BibTeX]
Lujo Bauer, Lorrie Faith Cranor, Michael K. Reiter, and Kami Vaniea.
In SOUPS '07: Proceedings of the 3rd Symposium on Usable Privacy and Security, pages 64–75, July 2007. ACM. © authors  DOI:10.1145/1280680.1280689

Consumable credentials in logic-based access-control systems.   [BibTeX]
Kevin D. Bowers, Lujo Bauer, Deepak Garg, Frank Pfenning, and Michael K. Reiter.
In Proceedings of the 2007 Network & Distributed System Security Symposium, pages 143–157, February 2007. Internet Society. © Internet Society

User-controllable security and privacy for pervasive computing.   [BibTeX]
Jason Cornwell, Ian Fette, Gary Hsieh, Madhu Prabaker, Jinghai Rao, Karen Tang, Kami Vaniea, Lujo Bauer, Lorrie Cranor, Jason Hong, Bruce McLaren, Mike Reiter, and Norman Sadeh.
In Eighth IEEE Workshop on Mobile Computing Systems and Applications (HotMobile), pages 14–19, February 2007. IEEE. © IEEE  DOI:10.1109/WMCSA.2007.4389552

A linear logic of authorization and knowledge.   [BibTeX]
Deepak Garg, Lujo Bauer, Kevin D. Bowers, Frank Pfenning, and Michael K. Reiter.
In Computer Security—ESORICS 2006: 11th European Symposium on Research in Computer Security, volume 4189 of Lecture Notes in Computer Science, pages 297–312, September 2006. Springer. Official, slightly abbreviated version. © Springer-Verlag  DOI:10.1007/11863908_19

Device-enabled authorization in the Grey system.   [BibTeX]
Lujo Bauer, Scott Garriss, Jonathan M. McCune, Michael K. Reiter, Jason Rouse, and Peter Rutenbar.
In Information Security: 8th International Conference, ISC 2005, volume 3650 of Lecture Notes in Computer Science, pages 431–445, September 2005. Springer. An extended version of this paper appears as a tech report. © Springer-Verlag  DOI:10.1007/11556992_31


Last updated 2015.12.07. Copyright © 2007-15 by Lujo Bauer & Mike Reiter.