SecPAL: Design and semantics of a decentralized authorization language

We present a declarative authorization language. Policies and credentials are expressed using predicates defined by logical clauses, in the style of constraint logic programming. Access requests are mapped to logical authorization queries, consisting of predicates and constraints combined by conjunctions, disjunctions, and negations. Access is granted if the query succeeds against the current database of clauses. Predicates ascribe rights to particular principals, with flexible support for delegation and revocation. At the discretion of the delegator, delegated rights can be further delegated, either to a fixed depth, or arbitrarily deeply. Our language strikes a careful balance between syntactic and semantic simplicity, policy expressiveness, and execution efficiency. The syntax is close to natural language, and the semantics consists of just three deduction rules. The language can express many common policy idioms using constraints, controlled delegation, recursive predicates, and negated queries. We describe an execution strategy based on translation to Datalog with Constraints, and table-based resolution. We show that this execution strategy is sound, complete, and always terminates, despite recursion and negation, as long as simple syntactic conditions are met.
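As an added illustration of the three deduction rules the abstract mentions (cond, can say, can act as), here is a small ground evaluator for SecPAL-style assertions with bounded delegation depth; this is example code, not the paper's or the SecPAL toolkit's own implementation, and the policy, principals and resource names are constructed. It omits variables and constraints, keeping only the delegation and role semantics.

```python
INF = float("inf")   # unbounded re-delegation, SecPAL's "can say_inf"
DEPTHS = (0, INF)    # derivation depth: at 0 the (can say) rule may not be used

def derivable(assertions):
    """Every (issuer, fact, depth) provable from ground assertions (issuer, fact, conditions).
    Facts are tuples with the subject second: ("read", subj, res),
    ("can_say", subj, depth, fact), ("can_act_as", subj, other). Least fixpoint."""
    known = set()
    while True:
        new = set()
        # (cond): A says fact if f1..fn, each fi provable by A at the same depth d
        for issuer, fact, conds in assertions:
            for d in DEPTHS:
                if all((issuer, c, d) in known for c in conds):
                    new.add((issuer, fact, d))
        for a, f, d in known:
            # (can say): A says B can say_D fact  and  B says fact at depth D
            # (B's proof may itself use delegation only if D is INF)  =>  A says fact
            if f[0] == "can_say" and d == INF:
                _, b, dd, target = f
                if (b, target, dd) in known:
                    new.add((a, target, INF))
            # (can act as): A says B can act as C  and  A says C <verbphrase>
            # =>  A says B <verbphrase>, at the same depth
            if f[0] == "can_act_as":
                _, b, c = f
                for a2, f2, d2 in known:
                    if a2 == a and d2 == d and f2[1] == c:
                        new.add((a, (f2[0], b) + f2[2:], d))
        if new <= known:
            return known
        known |= new

def says(assertions, issuer, fact, depth=INF):
    """Does 'issuer says fact' hold? depth=0 asks for a delegation-free proof."""
    return (issuer, fact, depth) in derivable(assertions)

# Constructed sample policy (all names are made up for this example).
READ_C = ("read", "Charlie", "file1")
READ_E = ("read", "Eve", "file1")
POLICY = [
    ("Alice", ("can_say", "Bob", 0, READ_C), []),      # Bob decides, no re-delegation
    ("Bob", READ_C, []),
    ("Alice", ("can_say", "Bob", 0, READ_E), []),      # same for Eve...
    ("Bob", ("can_say", "Dave", INF, READ_E), []),     # ...but Bob delegates onward
    ("Dave", READ_E, []),
    ("Alice", ("can_act_as", "Frank", "Charlie"), []), # Frank inherits Charlie's rights
    ("Alice", ("read", "Frank", "file2"), [("read", "Frank", "file1")]),
]
```

Querying `says(POLICY, "Alice", READ_E)` fails because Alice granted Bob only depth-0 authority and Bob's proof goes through Dave, while `says(POLICY, "Alice", READ_C)` succeeds; the same policy with `INF` in Alice's first assertion would let the onward delegation through.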
