A Logic of Access Control

The effectiveness of an access control mechanism in implementing a security policy in a centralized operating system is often weakened because of the large number of possible access rights involved, informal specification of security policy and a lack of tools for assisting systems administrators. Herein we present a logical foundation for automated tools that assist in determining which access rights should be granted by reasoning about the effects of an access control mechanism on the computations performed by an operating system. We demonstrate the practicality and utility of our logical approach by showing how it allows us to construct a deductive database capable of answering questions about the security of two real-world operating systems. We illustrate the application of our techniques by presenting the results of an experiment designed to assess how accurately the configuration of an access control mechanism implements a given security policy.
