William C. Garrison III @Pitt/CS

About

I am William Garrison, cited as William C. Garrison III, usually called Bill. I am a lecturer at the Department of Computer Science at the University of Pittsburgh.

Research

My research interests are based in the formal study of computer systems to better understand the practical implications of security decisions. My dissertation work is in access control suitability analysis: given the requirements of an application, choose the access control system that is most well-suited to that application among those that are expressive enough to safely satisfy it. This is in contrast to traditional access control evaluation, which is application-agnostic and deems the most expressive system the best. To this end, I am developing techniques that evaluate access control systems while considering application-sensitive requirements and evaluation metrics (both qualitative and quantitative).

My other research interests include usable web privacy tools and mobile malware risk estimation from structural properties of application packages.

Publications

Refereed Conference and Workshop Papers

[C16a] William C. Garrison III, Adam Shull, Steven Myers, and Adam J. Lee, "On the Practicality of Cryptographically Enforcing Dynamic Access Control Policies in the Cloud," in Proceedings of the 37th IEEE Symposium on Security and Privacy (S&P 2016), May 2016. [PDF]
Extended version available as [T16a].
[C15a] William C. Garrison III and Adam J. Lee, "Decomposing, Comparing, and Synthesizing Access Control Expressiveness Simulations," in Proceedings of the 28th IEEE Computer Security Foundations Symposium (CSF 2015): 18–32, July 2015. [PDF]
Extended version available as [T15a].
[C14b] William C. Garrison III, Adam J. Lee, and Timothy L. Hinrichs, "An Actor-Based, Application-Aware Access Control Evaluation Framework," in Proceedings of the 19th ACM Symposium on Access Control Models and Technologies (SACMAT 2014): 199–210, June 2014. [PDF]
Extended version available as [T13a].
[C14a] William C. Garrison III, Yechen Qiao, and Adam J. Lee, "On the Suitability of Dissemination-centric Access Control Systems for Group-centric Sharing," in Proceedings of the Fourth ACM Conference on Data and Application Security and Privacy (CODASPY 2014): 1–12, March 2014. [PDF]
This paper was awarded Outstanding Paper at CODASPY 2014. Proofs of theorems in this paper available as [T14a].
[C13a] Timothy L. Hinrichs, Diego Martinoia, William C. Garrison III, Adam J. Lee, Alessandro Panebianco, and Lenore Zuck, "Application-Sensitive Access Control Evaluation using Parameterized Expressiveness," in Proceedings of the 26th IEEE Computer Security Foundations Symposium (CSF 2013): 145–160, June 2013. [PDF]
Extended version available as [T13b].
[C12a] William C. Garrison III, Adam J. Lee, and Timothy L. Hinrichs, "The Need for Application-Aware Access Control Evaluation," in Proceedings of the 2012 New Security Paradigms Workshop (NSPW '12): 115–126, September 2012. [PDF]
[C11a] Timothy L. Hinrichs, William C. Garrison III, Adam J. Lee, Skip Saunders, and John C. Mitchell, "TBA: A Hybrid of Logic and Extensional Access Control Systems," in Proceedings of the 8th International Workshop on Formal Aspects of Security & Trust (FAST2011): 198–213, September 2011. [PDF]
Extended version available as [T11a].

Ph.D. Dissertation

[D15a] William C. Garrison III, "Techniques for Application-Aware Suitability Analysis of Access Control Systems," Ph.D. Dissertation, University of Pittsburgh Department of Computer Science, December 2015. [PDF]

Technical Reports

[T16a] William C. Garrison III, Adam Shull, Steven Myers, and Adam J. Lee, "On the Practicality of Cryptographically Enforcing Dynamic Access Control Policies in the Cloud (Extended Version)," arXiv:1602.09069, April 2016. [PDF]
Extended version of [C16a].
[T15a] William C. Garrison III and Adam J. Lee, "Decomposing, Comparing, and Synthesizing Access Control Expressiveness Simulations (Extended Version)," arXiv:1504.07948, April 2015. [PDF]
Extended version of [C15a].
[T14a] William C. Garrison III, Yechen Qiao, and Adam J. Lee, "On the Suitability of Dissemination-centric Access Control Systems for Group-centric Sharing (Full Proofs)," January 2014. [PDF]
Proofs of theorems in [C14a].
[T13b] Timothy L. Hinrichs, Diego Martinoia, William C. Garrison III, Adam J. Lee, Alessandro Panebianco, and Lenore Zuck, "Application-Sensitive Access Control Evaluation using Parameterized Expressiveness (Extended Version)," April 2013. [PDF]
Extended version of [C13a].
[T13a] William C. Garrison III, Adam J. Lee, and Timothy L. Hinrichs, "The Design and Demonstration of an Actor-Based, Application-Aware Access Control Evaluation Framework," arXiv:1302.1134, February 2013. [PDF]
Extended version of [C14b].
[T11a] Timothy L. Hinrichs, William C. Garrison III, Adam J. Lee, Skip Saunders, and John C. Mitchell, "TBA: A Hybrid of Logic and Extensional Access Control Systems (Extended Version)," University of Pittsburgh Department of Computer Science Technical Report No. TR-11-182, September 2011. [PDF]
Extended version of [C11a].

Teaching

Term Catalog # Title Links
Fall 2017 CS 0441 Discrete Structures for Computer Science
Fall 2017 CS 0445 Data Structures
Summer 2017 CS 0008 Introduction to Computer Programming with Python
Summer 2017 CS 0441 Discrete Structures for Computer Science
Summer 2017 CS 0445 Data Structures
Spring 2017 CS 0445 Data Structures
Spring 2017 CS 1501 Algorithm Implementation
Fall 2016 CS 0445 Data Structures
Summer 2016 CS 0008 Introduction to Computer Programming with Python
Summer 2016 CS 0445 Data Structures
Spring 2016 CS 0008 Introduction to Computer Programming with Python
Spring 2016 CS 0445 Data Structures
Spring 2016 CS 1653 Applied Cryptography and Network Security
Fall 2015 CS 0445 Data Structures
Fall 2015 CS 1501 Algorithm Implementation
Spring 2015 CS 1653 Applied Cryptography and Network Security

Contact Information

email: bill@cs.pitt.edu
office: Sennott Square 6311
phone: 412-926-5401