Soutei, a Logic-Based Trust-Management System

We describe the design and implementation of a trust-management system Soutei, a dialect of Binder, for access control in distributed systems. Soutei policies and credentials are written in a declarative logic-based security language and thus constitute distributed logic programs. Soutei policies are modular, concise, and readable. They support policy verification, and, despite the simplicity of the language, express role- and attribute-based access control lists, and conditional delegation. We describe the real-world deployment of Soutei into a publish-subscribe web service with distributed and compartmentalized administration, emphasizing the often overlooked aspect of authorizing the creation of resources and the corresponding policies. Soutei brings Binder from a research prototype into the real world. Supporting large, truly distributed policies required non-trivial changes to Binder, in particular mode-restriction and goal-directed top-down evaluation. To improve the robustness of our evaluator, we describe a fair and terminating backtracking algorithm.

[1]  Andrea Westerinen,et al.  Terminology for Policy-Based Management , 2001, RFC.

[2]  Ninghui Li,et al.  DATALOG with Constraints: A Foundation for Trust Management Languages , 2003, PADL.

[3]  Krzysztof R. Apt,et al.  Logic Programming , 1990, Handbook of Theoretical Computer Science, Volume B: Formal Models and Sematics.

[4]  Abe Singer,et al.  Life Without Firewalls , 2003, Login: The Usenix Magazine.

[5]  Michael Carl Tschantz,et al.  Verification and change-impact analysis of access-control policies , 2005, Proceedings. 27th International Conference on Software Engineering, 2005. ICSE 2005..

[6]  Amr Sabry,et al.  Backtracking, interleaving, and terminating monad transformers: (functional pearl) , 2005, ICFP '05.

[7]  Avishai Wool,et al.  A quantitative study of firewall configuration errors , 2004, Computer.

[8]  John DeTreville,et al.  Binder, a logic-based security language , 2002, Proceedings 2002 IEEE Symposium on Security and Privacy.

[9]  Koen Claessen,et al.  Typed Logical Variables in Haskell , 2001, ACM SIGPLAN Symposium/Workshop on Haskell.

[10]  Frank Pfenning,et al.  Non-interference in constructive authorization logic , 2006, 19th IEEE Computer Security Foundations Workshop (CSFW'06).

[11]  Joan Feigenbaum,et al.  Decentralized trust management , 1996, Proceedings 1996 IEEE Symposium on Security and Privacy.

[12]  Zoltan Somogyi,et al.  The Execution Algorithm of Mercury, an Efficient Purely Declarative Logic Programming Language , 1996, J. Log. Program..

[13]  Peter Thiemann,et al.  Syntactic Type Soundness for the Region Calculus , 2001, HOOTS.

[14]  H.J.M. Meijer,et al.  Proceedings of the 1999 Haskell Workshop , 1999 .

[15]  Alessio Guglielmi,et al.  A Tutorial on Proof Theoretic Foundations of Logic Programming , 2003, ICLP.

[16]  Ralf Hinze,et al.  Deriving backtracking monad transformers , 2000, ICFP '00.

[17]  Andreas Matheus,et al.  How to Declare Access Control Policies for XML Structured Information Objects using OASIS' eXtensible Access Control Markup Language (XACML) , 2005, Proceedings of the 38th Annual Hawaii International Conference on System Sciences.

[18]  Dale Miller,et al.  A proof theory for generic judgments: an extended abstract , 2003, 18th Annual IEEE Symposium of Logic in Computer Science, 2003. Proceedings..

[19]  Philip Wadler,et al.  Packrat parsing:: simple, powerful, lazy, linear time, functional pearl , 2002, ICFP '02.

[20]  Martín Abadi,et al.  Logic in access control , 2003, 18th Annual IEEE Symposium of Logic in Computer Science, 2003. Proceedings..