I am William Garrison, cited as William C. Garrison III, usually called bill. I am an Assistant Teaching Professor in the Department of Computer Science and Assistant Dean in the School of Computing and Information, both within the University of Pittsburgh.
My research interests are based in the formal study of computer systems to better understand the practical implications of security decisions. My dissertation work is in access control suitability analysis: given the requirements of an application, choose the access control system that is most well-suited to that application among those that are expressive enough to safely satisfy it. This is in contrast to traditional access control evaluation, which is application-agnostic and deems the most expressive system the best. To this end, i am developing techniques that evaluate access control systems while considering application-sensitive requirements and evaluation metrics (both qualitative and quantitative).
My other research interests include usable web privacy tools and mobile malware risk estimation from structural properties of application packages.
[B21a] | "Dynamic Access Control Using Identity-Based Encryption," in Encyclopedia of Cryptography, Security and Privacy, May 2016. [PDF] | ,
[C16a] |
"On the Practicality of Cryptographically Enforcing Dynamic Access Control Policies in the Cloud," in
Proceedings of the 37th IEEE Symposium on Security and Privacy
(S&P 2016):
819–838,
May 2016.
[PDF]
Extended version available as [T16a].
|
,
[C15a] |
"Decomposing, Comparing, and Synthesizing Access Control Expressiveness Simulations," in
Proceedings of the 28th IEEE Computer Security Foundations Symposium
(CSF 2015):
18–32,
July 2015.
[PDF]
Extended version available as [T15a].
|
,
[C14b] |
"An Actor-Based, Application-Aware Access Control Evaluation Framework," in
Proceedings of the 19th ACM Symposium on Access Control Models and Technologies
(SACMAT 2014):
199–210,
June 2014.
[PDF]
Extended version available as [T13a].
|
,
[C14a] |
"On the Suitability of Dissemination-centric Access Control Systems for Group-centric Sharing," in
Proceedings of the Fourth ACM Conference on Data and Application Security and Privacy
(CODASPY 2014):
1–12,
March 2014.
[PDF]
This paper was awarded Outstanding Paper at CODASPY 2014. Proofs of theorems in this paper available as [T14a].
|
,
[C13a] |
"Application-Sensitive Access Control Evaluation using Parameterized Expressiveness," in
Proceedings of the 26th IEEE Computer Security Foundations Symposium
(CSF 2013):
145–160,
June 2013.
[PDF]
Extended version available as [T13b].
|
,
[C12a] | "The Need for Application-Aware Access Control Evaluation," in Proceedings of the 2012 New Security Paradigms Workshop (NSPW '12): 115–126, September 2012. [PDF] | ,
[C11a] |
"TBA: A Hybrid of Logic and Extensional Access Control Systems," in
Proceedings of the 8th International Workshop on Formal Aspects of Security & Trust
(FAST2011):
198–213,
September 2011.
[PDF]
Extended version available as [T11a].
|
,
[D15a] | "Techniques for Application-Aware Suitability Analysis of Access Control Systems," Ph.D. Dissertation, University of Pittsburgh Department of Computer Science, December 2015. [PDF] | ,
[T16a] |
"On the Practicality of Cryptographically Enforcing Dynamic Access Control Policies in the Cloud (Extended Version),"
arXiv:1602.09069,
April 2016.
[PDF]
Extended version of [C16a].
|
,
[T15a] |
"Decomposing, Comparing, and Synthesizing Access Control Expressiveness Simulations (Extended Version),"
arXiv:1504.07948,
April 2015.
[PDF]
Extended version of [C15a].
|
,
[T14a] |
"On the Suitability of Dissemination-centric Access Control Systems for Group-centric Sharing (Full Proofs),"
January 2014.
[PDF]
Proofs of theorems in [C14a].
|
,
[T13b] |
"Application-Sensitive Access Control Evaluation using Parameterized Expressiveness (Extended Version),"
April 2013.
[PDF]
Extended version of [C13a].
|
,
[T13a] |
"The Design and Demonstration of an Actor-Based, Application-Aware Access Control Evaluation Framework,"
arXiv:1302.1134,
February 2013.
[PDF]
Extended version of [C14b].
|
,
[T11a] |
"TBA: A Hybrid of Logic and Extensional Access Control Systems (Extended Version),"
University of Pittsburgh Department of Computer Science Technical Report No. TR-11-182,
September 2011.
[PDF]
Extended version of [C11a].
|
,
Term | Catalog # | Title | Links |
---|---|---|---|
Spring 2024 | CS 0441 | Discrete Structures for Computer Science | Website |
Spring 2024 | CS 1657 | Privacy in the Electronic Society | Website |
Spring 2024 | CS 1980 | Team Project Design and Implementation | — |
Fall 2023 | CS 0441 | Discrete Structures for Computer Science | — |
Fall 2023 | CS 1653 | Applied Cryptography and Network Security | — |
Summer 2023 | CS 1501 | Algorithms and Data Structures 2 | — |
Spring 2023 | CS 0441 | Discrete Structures for Computer Science | — |
Spring 2023 | CS 1657 | Privacy in the Electronic Society | — |
Fall 2022 | CS 0441 | Discrete Structures for Computer Science | — |
Fall 2022 | CS 1653 | Applied Cryptography and Network Security | — |
Summer 2022 | CS 0445 | Algorithms and Data Structures 1 | — |
Summer 2022 | CS 1501 | Algorithms and Data Structures 2 | — |
Spring 2022 | CS 0441 | Discrete Structures for Computer Science | — |
Spring 2022 | CS 1657 | Privacy in the Electronic Society | — |
Fall 2021 | CS 0441 | Discrete Structures for Computer Science | — |
Summer 2021 | CS 0445 | Algorithms and Data Structures 1 | — |
Spring 2021 | CS 0441 | Discrete Structures for Computer Science | — |
Spring 2021 | CS 1657 | Privacy in the Electronic Society | — |
Fall 2020 | CS 0441 | Discrete Structures for Computer Science | — |
Fall 2020 | CS 1653 | Applied Cryptography and Network Security | — |
Summer 2020 | CS 0441 | Discrete Structures for Computer Science | — |
Summer 2020 | CS 0445 | Data Structures | — |
Summer 2020 | CS 1699 | Privacy in the Electronic Society | — |
Spring 2020 | CS 1501 | Algorithm Implementation | — |
Spring 2020 | CS 1699 | Privacy in the Electronic Society | — |
Fall 2019 | CS 0445 | Data Structures | — |
Fall 2019 | CS 1501 | Algorithm Implementation | — |
Fall 2019 | CS 1653 | Applied Cryptography and Network Security | — |
Summer 2019 | CS 0441 | Discrete Structures for Computer Science | — |
Summer 2019 | CS 0445 | Data Structures | — |
Spring 2019 | CS 0441 | Discrete Structures for Computer Science | — |
Spring 2019 | CS 1501 | Algorithm Implementation | — |
Spring 2019 | CS 1699 | Privacy in the Electronic Society | — |
Fall 2018 | CS 0445 | Data Structures | — |
Fall 2018 | CS 1653 | Applied Cryptography and Network Security | — |
Summer 2018 | CS 0008 | Introduction to Computer Programming with Python | — |
Summer 2018 | CS 0441 | Discrete Structures for Computer Science | — |
Summer 2018 | CS 0445 | Data Structures | — |
Spring 2018 | CS 1501 | Algorithm Implementation | — |
Spring 2018 | CS 1699 | Privacy in the Electronic Society | — |
Fall 2017 | CS 0441 | Discrete Structures for Computer Science | — |
Fall 2017 | CS 0445 | Data Structures | — |
Summer 2017 | CS 0008 | Introduction to Computer Programming with Python | — |
Summer 2017 | CS 0441 | Discrete Structures for Computer Science | — |
Summer 2017 | CS 0445 | Data Structures | — |
Spring 2017 | CS 0445 | Data Structures | — |
Spring 2017 | CS 1501 | Algorithm Implementation | — |
Fall 2016 | CS 0445 | Data Structures | — |
Summer 2016 | CS 0008 | Introduction to Computer Programming with Python | — |
Summer 2016 | CS 0445 | Data Structures | — |
Spring 2016 | CS 0008 | Introduction to Computer Programming with Python | — |
Spring 2016 | CS 0445 | Data Structures | — |
Spring 2016 | CS 1653 | Applied Cryptography and Network Security | — |
Fall 2015 | CS 0445 | Data Structures | — |
Fall 2015 | CS 1501 | Algorithm Implementation | — |
Spring 2015 | CS 1653 | Applied Cryptography and Network Security | — |
bill@cs.pitt.edu
bill@bill-computer.science
Sennott Square 6311
412-926-5401