Abstract
Nexus Authorization Logic (NAL) provides a principled basis for specifying and reasoning about credentials and authorization policies. It extends prior access control logics that are based on “says” and “speaks for” operators. NAL enables authorization of access requests to depend on (i) the source or pedigree of the requester, (ii) the outcome of any mechanized analysis of the requester, or (iii) the use of trusted software to encapsulate or modify the requester. To illustrate the convenience and expressive power of this approach to authorization, a suite of document-viewer applications was implemented to run on the Nexus operating system. One of the viewers enforces policies that concern the integrity of excerpts that a document contains; another viewer enforces confidentiality policies specified by labels tagging blocks of text.
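To make the abstract's three kinds of evidence concrete, the following is an added illustration in Python; it is not code from the paper and does not reproduce NAL's actual syntax or proof rules. It is a toy says/speaks-for checker in the ABLP style with a document-viewer guard: the owner accepts a viewer if it was loaded from the vendor's source (pedigree) and either an analyzer certified it leak-free (mechanized analysis) or a sandbox confines it (trusted encapsulation). The principal names (Loader, Analyzer, Sandbox, Owner, Guard), the predicates, the per-requester policy instantiation and the four inference rules used are all assumptions made for this example.

```python
"""Toy says / speaks-for checker illustrating the abstract's three kinds of evidence.

Formulas are nested tuples so they can be stored in sets:
  ("says", P, f)             principal P says formula f
  ("sf", A, B)               A speaks for B
  ("imp", (f1, ..., fn), g)  f1 and ... and fn together imply g
  any other tuple            an atomic proposition, e.g. ("ok", "viewerA")
"""


def says(p, f):
    return ("says", p, f)


def speaks_for(a, b):
    return ("sf", a, b)


def implies(premises, conclusion):
    return ("imp", tuple(premises), conclusion)


def derive(credentials):
    """Close the credential set under four rules of ABLP-style logics (assumed here).

    hand-off:     B says (A speaks for B)               => A speaks for B
    transitivity: A speaks for B, B speaks for C        => A speaks for C
    lifting:      A speaks for B, A says f              => B says f
    policy:       P says (f1..fn -> g), f1..fn derived  => P says g
    The policy rule is a shortcut for "f => P says f" plus distribution of
    says over implication; using it directly keeps the closure finite.
    """
    facts = set(credentials)
    while True:
        new = set()
        for f in facts:
            if f[0] == "says":
                p, body = f[1], f[2]
                if body[0] == "sf" and body[2] == p:          # hand-off
                    new.add(body)
                elif body[0] == "imp" and all(q in facts for q in body[1]):
                    new.add(says(p, body[2]))                 # policy
            elif f[0] == "sf":
                a, b = f[1], f[2]
                for g in facts:
                    if g[0] == "sf" and g[1] == b:            # transitivity
                        new.add(speaks_for(a, g[2]))
                    elif g[0] == "says" and g[1] == a:        # lifting
                        new.add(says(b, g[2]))
        if new <= facts:
            return facts
        facts |= new


# ---- Constructed scenario; every principal and predicate name is hypothetical ----
LOADER, ANALYZER, SANDBOX, OWNER, GUARD = "Loader", "Analyzer", "Sandbox", "Owner", "Guard"


def loaded(prog, source):   # (i) pedigree: where the requester came from
    return ("loaded", prog, source)


def noleak(prog):           # (ii) outcome of a mechanized analysis
    return ("noleak", prog)


def confined(prog):         # (iii) requester wrapped by trusted software
    return ("confined", prog)


def ok(prog):
    return ("ok", prog)


def policy(prog):
    """Owner's policy, instantiated per requester (this toy has no variables).

    A viewer built from the vendor's source may open the document if either an
    analysis certified it leak-free or it runs inside the sandbox.  The guard
    defers to the owner through a hand-off credential.
    """
    pedigree = says(LOADER, loaded(prog, "vendor"))
    return [
        says(OWNER, implies([pedigree, says(ANALYZER, noleak(prog))], ok(prog))),
        says(OWNER, implies([pedigree, says(SANDBOX, confined(prog))], ok(prog))),
        says(GUARD, speaks_for(OWNER, GUARD)),
    ]


def guard_allows(prog, credentials):
    """True if `Guard says ok(prog)` is derivable from the presented credentials.

    Each presented credential must be a `says` statement: in a deployed system
    it is a signed statement and the signing key names the principal (signature
    verification is abstracted away here).  Admitting a bare `A speaks for B`
    would let a requester grant itself delegation.
    """
    for c in credentials:
        if c[0] != "says":
            raise ValueError(f"credential is not a signed statement: {c!r}")
    facts = derive(list(credentials) + policy(prog))
    return says(GUARD, ok(prog)) in facts
```

Calling `guard_allows("viewerA", [says(LOADER, loaded("viewerA", "vendor")), says(ANALYZER, noleak("viewerA"))])` returns True. A credential in which some other principal asserts `noleak` is ignored unless a hand-off signed by the analyzer makes that principal speak for it; that check is what stops a requester from vouching for its own code, and a viewer whose pedigree names a source other than the vendor is refused even with a valid analysis certificate.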
Nexus authorization logic (NAL): Design rationale and applications