Nexus authorization logic (NAL): Design rationale and applications

Nexus Authorization Logic (NAL) provides a principled basis for specifying and reasoning about credentials and authorization policies. It extends prior access control logics that are based on “says” and “speaks for” operators. NAL enables authorization of access requests to depend on (i) the source or pedigree of the requester, (ii) the outcome of any mechanized analysis of the requester, or (iii) the use of trusted software to encapsulate or modify the requester. To illustrate the convenience and expressive power of this approach to authorization, a suite of document-viewer applications was implemented to run on the Nexus operating system. One of the viewers enforces policies that concern the integrity of excerpts that a document contains; another viewer enforces confidentiality policies specified by labels tagging blocks of text.
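To make the "says" and "speaks for" operators the abstract refers to concrete, here is a small forward-chaining checker for such a logic. It is an added example, not code from the NAL paper or the Nexus system: it assumes the standard rules of the Lampson/Abadi-style calculus that NAL extends (if A speaks for B, then whatever A says, B also says; speaks-for is transitive) and uses constructed principal names (Owner, Analyzer, Sandbox, Mallory) and constructed statements. Delegation here is unrestricted, which is a simplification; NAL itself also supports finer-grained forms.

```python
"""Minimal forward-chaining checker for a 'says' / 'speaks for' access-control logic.

Added example, not code from the NAL paper or the Nexus project. Assumed
semantics (standard in Lampson/Abadi-style access-control calculi):
  - a credential 'P says s' records that principal P asserts statement s;
  - if A speaks for B and A says s, then B says s (hand-off);
  - speaks-for is transitive.
Statements are plain strings; all principals and policies below are constructed.
"""
from dataclasses import dataclass
from typing import Iterable, List, Set, Tuple, Union


@dataclass(frozen=True)
class Says:
    principal: str
    statement: str


@dataclass(frozen=True)
class SpeaksFor:
    delegate: str   # the principal that is allowed to speak ...
    principal: str  # ... on behalf of this principal


Credential = Union[Says, SpeaksFor]


def derive(credentials: Iterable[Credential]) -> Tuple[Set[Says], Set[SpeaksFor]]:
    """Close the credential set under the two inference rules until a fixpoint.

    Returns (derived 'says' facts, derived 'speaks for' facts). In a real
    system each input credential would be a signed statement whose signer is
    the principal named in it; signature checking is out of scope here.
    """
    says = {c for c in credentials if isinstance(c, Says)}
    speaks = {c for c in credentials if isinstance(c, SpeaksFor)}
    changed = True
    while changed:
        changed = False
        # Transitivity: A speaks for B, B speaks for C  =>  A speaks for C
        for a in list(speaks):
            for b in list(speaks):
                if a.principal == b.delegate:
                    new = SpeaksFor(a.delegate, b.principal)
                    if new not in speaks:
                        speaks.add(new)
                        changed = True
        # Hand-off: A speaks for B, A says s  =>  B says s
        for sf in list(speaks):
            for st in list(says):
                if st.principal == sf.delegate:
                    new = Says(sf.principal, st.statement)
                    if new not in says:
                        says.add(new)
                        changed = True
    return says, speaks


def authorized(credentials: Iterable[Credential], guard_requires: List[Says]) -> bool:
    """The reference monitor's check: every statement the guard demands must be
    derivable from the presented credentials. A request that cannot be traced
    back to the resource owner's voice is refused."""
    says, _ = derive(credentials)
    return all(req in says for req in guard_requires)


def demo() -> Tuple[bool, bool, bool]:
    """Constructed scenario mirroring the abstract's idea that authorization may
    depend on the outcome of a mechanized analysis performed by trusted software."""
    guard = [Says("Owner", "Viewer may read doc.txt")]

    # Owner delegates to its code analyzer; the analyzer vouches for Viewer.
    trusted_analysis = [
        SpeaksFor("Analyzer", "Owner"),
        Says("Analyzer", "Viewer may read doc.txt"),
    ]
    # A statement by an unrelated principal carries no weight with the guard.
    unrelated_claim = [Says("Mallory", "Viewer may read doc.txt")]
    # A two-step chain: a sandbox reports to the analyzer, which reports to Owner.
    chained = [
        SpeaksFor("Sandbox", "Analyzer"),
        SpeaksFor("Analyzer", "Owner"),
        Says("Sandbox", "Viewer may read doc.txt"),
    ]
    return (
        authorized(trusted_analysis, guard),   # True
        authorized(unrelated_claim, guard),    # False
        authorized(chained, guard),            # True
    )


if __name__ == "__main__":
    print(demo())
```

The interesting property for a defender is the second case: a principal that has never been delegated to cannot make the owner "say" anything, no matter what it asserts. Auditing an authorization decision then reduces to inspecting which credentials, and which delegation chain, produced the owner's statement.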
