Nexus authorization logic (NAL): Design rationale and applications

Published: 06 June 2011

Abstract

Nexus Authorization Logic (NAL) provides a principled basis for specifying and reasoning about credentials and authorization policies. It extends prior access control logics that are based on “says” and “speaks for” operators. NAL enables authorization of access requests to depend on (i) the source or pedigree of the requester, (ii) the outcome of any mechanized analysis of the requester, or (iii) the use of trusted software to encapsulate or modify the requester. To illustrate the convenience and expressive power of this approach to authorization, a suite of document-viewer applications was implemented to run on the Nexus operating system. One of the viewers enforces policies that concern the integrity of excerpts that a document contains; another viewer enforces confidentiality policies specified by labels tagging blocks of text.
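The abstract describes NAL as an extension of access control logics built on "says" and "speaks for". The following added example (not code from the paper or from Nexus) shows the core of such a logic as a small Python proof checker: the classical hand-off, transitivity and delegation rules for unrestricted "speaks for" as found in the earlier calculi NAL builds on, with a guard that grants a request only when the policy formula is derivable from the presented credentials. The scenario names (owner, analyzer, viewer, stranger) and the credential set are constructed for illustration; the analyzer vouching for a program after checking it is one way to model the abstract's point (ii), a mechanized analysis of the requester.

```python
"""Toy "says" / "speaks for" credential checker (added example, not NAL itself)."""
from dataclasses import dataclass
from typing import Set, Union


@dataclass(frozen=True)
class Atom:
    """An application-level statement, e.g. Atom("read report.pdf")."""
    text: str


@dataclass(frozen=True)
class SpeaksFor:
    """subordinate speaks for superior: whatever the former says, the latter says."""
    subordinate: str
    superior: str


@dataclass(frozen=True)
class Says:
    """principal says formula (the formula may itself be a Says or SpeaksFor)."""
    principal: str
    formula: "Formula"


Formula = Union[Atom, SpeaksFor, Says]


def closure(credentials: Set[Formula]) -> Set[Formula]:
    """Fixpoint of the credentials under three classical rules:
      hand-off:      B says (A speaks for B)          |- A speaks for B
      transitivity:  A speaks for B, B speaks for C   |- A speaks for C
      delegation:    A says F, A speaks for B         |- B says F
    Delegation only re-attributes formulas already present, so the
    closure is finite and the loop terminates.
    """
    facts: Set[Formula] = set(credentials)
    while True:
        new: Set[Formula] = set()
        speaks = [f for f in facts if isinstance(f, SpeaksFor)]
        says = [f for f in facts if isinstance(f, Says)]
        for s in says:
            # hand-off: a principal may delegate its own authority
            if isinstance(s.formula, SpeaksFor) and s.formula.superior == s.principal:
                new.add(s.formula)
        for x in speaks:
            for y in speaks:
                if x.superior == y.subordinate:  # transitivity
                    new.add(SpeaksFor(x.subordinate, y.superior))
        for s in says:
            for x in speaks:
                if x.subordinate == s.principal:  # delegation
                    new.add(Says(x.superior, s.formula))
        new -= facts
        if not new:
            return facts
        facts |= new


def authorize(goal: Says, credentials: Set[Formula]) -> bool:
    """The guard grants the request iff the policy formula is derivable."""
    return goal in closure(credentials)


# Constructed scenario (illustrative names, not from the paper).
OWNER, ANALYZER, VIEWER, STRANGER = "owner", "analyzer", "viewer", "stranger"
READ_REPORT = Atom("read report.pdf")
POLICY = Says(OWNER, READ_REPORT)  # the guard requires: owner says "read report.pdf"

# The owner trusts the analyzer; the analyzer vouches for the viewer it checked;
# the viewer issues the request.
VETTED: Set[Formula] = {
    Says(OWNER, SpeaksFor(ANALYZER, OWNER)),
    Says(ANALYZER, SpeaksFor(VIEWER, ANALYZER)),
    Says(VIEWER, READ_REPORT),
}

# A program nobody has vouched for makes the same request.
UNVETTED: Set[Formula] = {
    Says(OWNER, SpeaksFor(ANALYZER, OWNER)),
    Says(STRANGER, READ_REPORT),
}


def demo() -> dict:
    return {"vetted": authorize(POLICY, VETTED), "unvetted": authorize(POLICY, UNVETTED)}


if __name__ == "__main__":
    print(demo())
```

Unrestricted "speaks for" is deliberately coarse here: once the analyzer vouches for the viewer, everything the viewer says is attributed to the owner. Keeping the checked program's authority narrower than that is exactly the kind of precision a richer credential language is designed to provide.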



Published In

ACM Transactions on Information and System Security  Volume 14, Issue 1
May 2011
366 pages
ISSN:1094-9224
EISSN:1557-7406
DOI:10.1145/1952982
Permission to make digital or hard copies of all or part of this work for personal or classroom use is granted without fee provided that copies are not made or distributed for profit or commercial advantage and that copies bear this notice and the full citation on the first page. Copyrights for components of this work owned by others than ACM must be honored. Abstracting with credit is permitted. To copy otherwise, or republish, to post on servers or to redistribute to lists, requires prior specific permission and/or a fee. Request permissions from [email protected]

Publisher

Association for Computing Machinery

New York, NY, United States

Publication History

Accepted: 01 December 2009
Received: 01 September 2009
Published in TISSEC Volume 14, Issue 1

Author Tags

  1. Authorization logic
  2. CDD
  3. credentials-based authorization

Qualifiers

  • Research-article
  • Research
  • Refereed

Cited By

  • (2024) Attr-Int: A Simple and Effective Entity Alignment Framework for Heterogeneous Knowledge Graphs. ICASSP 2024 - 2024 IEEE International Conference on Acoustics, Speech and Signal Processing (ICASSP), 6315-6319. DOI: 10.1109/ICASSP48485.2024.10445901. Online publication date: 14-Apr-2024.
  • (2023) Expressive Authorization Policies using Computation Principals. Proceedings of the 28th ACM Symposium on Access Control Models and Technologies, 107-119. DOI: 10.1145/3589608.3593834. Online publication date: 24-May-2023.
  • (2021) Federated Authorization for Managed Data Sharing: Experiences from the ImPACT Project. 2021 International Conference on Computer Communications and Networks (ICCCN), 1-10. DOI: 10.1109/ICCCN52240.2021.9522208. Online publication date: Jul-2021.
  • (2021) ImPACT: A networked service architecture for safe sharing of restricted data. Future Generation Computer Systems. DOI: 10.1016/j.future.2021.11.026. Online publication date: Dec-2021.
  • (2020) RIF. Journal of Computer Security 28:2, 191-228. DOI: 10.3233/JCS-191316. Online publication date: 1-Jan-2020.
  • (2020) First-Order Logic for Flow-Limited Authorization. 2020 IEEE 33rd Computer Security Foundations Symposium (CSF), 123-138. DOI: 10.1109/CSF49147.2020.00017. Online publication date: Jun-2020.
  • (2020) A Distributed and Trusted Web of Formal Proofs. Distributed Computing and Internet Technology, 21-40. DOI: 10.1007/978-3-030-36987-3_2. Online publication date: 9-Jan-2020.
  • (2019) Proof-Carrying Network Code. Proceedings of the 2019 ACM SIGSAC Conference on Computer and Communications Security, 1115-1129. DOI: 10.1145/3319535.3363214. Online publication date: 6-Nov-2019.
  • (2019) JRIF: Reactive Information Flow Control for Java. Foundations of Security, Protocols, and Equational Reasoning, 70-88. DOI: 10.1007/978-3-030-19052-1_7. Online publication date: 28-Apr-2019.
  • (2016) Authorizing Network Control at Software Defined Internet Exchange Points. Proceedings of the Symposium on SDN Research, 1-6. DOI: 10.1145/2890955.2890956. Online publication date: 14-Mar-2016.
