Sophisticated Access Control via SMT and Logical Frameworks

We introduce a new methodology for formulating, analyzing, and applying access-control policies. Policies are expressed as formal theories in the SMT (satisfiability-modulo-theories) subset of typed first-order logic, and represented in a programmable logical framework, with each theory extending a core ontology of access control. We reduce both request evaluation and policy analysis to SMT solving, and provide experimental results demonstrating the practicality of these reductions. We also introduce a class of canonical requests and prove that such requests can be evaluated in linear time. In many application domains, access requests are either naturally canonical or can easily be put into canonical form. The resulting policy framework is more expressive than XACML and languages in the Datalog family, without compromising efficiency. Using the computational logic facilities of the framework, a wide range of sophisticated policy analyses (including consistency, coverage, observational equivalence, and change impact) receive succinct formulations whose correctness can be straightforwardly verified. The use of SMT solving allows us to efficiently analyze policies with complicated numeric (integer and real) constraints, a weak point of previous policy analysis systems. Further, by leveraging the programmability of the underlying logical framework, our system provides exceptionally flexible ways of resolving conflicts and composing policies. Specifically, we show that our system subsumes FIA (Fine-grained Integration Algebra), an algebra recently developed for the purpose of integrating complex policies.
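A toy illustration of the reductions described above, written here as an added example in SMT-LIB 2 rather than taken from the paper's own framework or encoding: a request is a tuple of free attributes (a Manager role flag, a transfer amount, and the hour of day), two versions of a deny-overrides policy with integer constraints are defined as Boolean terms over those attributes, and consistency, change impact and coverage each become a single satisfiability query that any SMT-LIB solver (e.g. z3 or cvc5) can answer; the policy rules and attribute names are constructed for this example.

```smt2
; Constructed example: access-control policy analysis reduced to SMT queries.
(set-logic QF_LIA)

; Core ontology of a request: the attributes are free variables, so a
; satisfying model is a concrete request that witnesses the analysed property.
(declare-const manager Bool)   ; subject holds the Manager role
(declare-const amount Int)     ; requested transfer amount
(declare-const hour Int)       ; hour of day
(assert (and (<= 0 hour) (<= hour 23) (>= amount 0)))

; Policy v1 (deny-overrides): permit managers up to 10000,
; deny anything outside business hours 08:00-18:00.
(define-fun permit1 () Bool (and manager (<= amount 10000)))
(define-fun deny1   () Bool (or (< hour 8) (> hour 18)))
(define-fun decision1 () Bool (and permit1 (not deny1))) ; true = Permit

; Policy v2: limit raised to 15000, business hours widened to 07:00-19:00.
(define-fun permit2 () Bool (and manager (<= amount 15000)))
(define-fun deny2   () Bool (or (< hour 7) (> hour 19)))
(define-fun decision2 () Bool (and permit2 (not deny2)))

; Analysis 1, consistency: does some request match both a permit and a
; deny rule of v1? sat = such a request exists (a model shows one), and
; the combinator (here deny-overrides) is what settles its outcome.
(push)
(assert (and permit1 deny1))
(check-sat)
(get-model)
(pop)

; Analysis 2, change impact: is there a request on which v1 and v2
; decide differently? unsat would prove the change is observationally
; invisible; sat yields a request whose decision flipped.
(push)
(assert (distinct decision1 decision2))
(check-sat)
(get-model)
(pop)

; Analysis 3, coverage: is every request addressed by some rule of v2?
; unsat = full coverage; sat = a request no rule applies to.
(push)
(assert (not (or permit2 deny2)))
(check-sat)
(get-model)
(pop)
```

Each `(get-model)` prints the witnessing request (role, amount, hour) when the preceding check is sat, which is exactly the counterexample a policy author needs to fix the policy.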
