
Nexus authorization logic (NAL): Design rationale and applications

Published: 06 June 2011

Abstract

Nexus Authorization Logic (NAL) provides a principled basis for specifying and reasoning about credentials and authorization policies. It extends prior access control logics that are based on “says” and “speaks for” operators. NAL enables authorization of access requests to depend on (i) the source or pedigree of the requester, (ii) the outcome of any mechanized analysis of the requester, or (iii) the use of trusted software to encapsulate or modify the requester. To illustrate the convenience and expressive power of this approach to authorization, a suite of document-viewer applications was implemented to run on the Nexus operating system. One of the viewers enforces policies that concern the integrity of excerpts that a document contains; another viewer enforces confidentiality policies specified by labels tagging blocks of text.


Published in

ACM Transactions on Information and System Security, Volume 14, Issue 1, May 2011, 366 pages
ISSN: 1094-9224
EISSN: 1557-7406
DOI: 10.1145/1952982

Copyright © 2011 ACM

Publisher: Association for Computing Machinery, New York, NY, United States

Publication History

• Published: 6 June 2011
• Accepted: 1 December 2009
• Received: 1 September 2009
Qualifiers

• research-article
• Research
• Refereed