DOI: 10.1145/3589608.3593834
Research article

Expressive Authorization Policies using Computation Principals

Published: 24 May 2023

Abstract

In authorization logics, it is natural to treat computations as principals, since systems need to decide how much authority to give computations when they execute. But unlike other kinds of principals, the authority that we want to give to computations might be based on properties of the computation itself, such as whether the computation is differentially private, or whether the computation is memory safe. Existing authorization logics do not treat computation principals specially. Instead, they identify computation principals using a brittle hash-based naming scheme: minor changes to the code produce a distinct principal, even if the new computation is equivalent to the original one. Moreover, existing authorization logics typically treat computation principals as "black boxes," leaving any reasoning about the structure, semantics, or other properties of the computation out of the logic. We introduce Coal, a novel programming-language calculus that embeds an authorization logic in its type system via the Curry-Howard isomorphism. A key innovation of Coal is computation principals: computations that can be treated like other principals but also allow reasoning about the computation itself. Critically, Coal allows equivalent computations to be treated as equivalent principals, avoiding the brittleness of identity-based approaches to computation principals. Coal enables us to cleanly express fine-grained access control policies that are dependent on the structure and semantics of computations, such as expressing trust in all computations that are analyzed to be differentially private by any program analyzer that has been verified correct.
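The following Python is an added illustration of the naming problem the abstract describes; it is not code from the paper and does not use Coal's syntax or semantics. It names a computation two ways: by hashing its source text (the identity-based scheme the abstract calls brittle) and by hashing a canonical form in which bound variables are replaced by de Bruijn indices, so alpha-equivalent terms share one principal. A small policy then grants access to any computation that a verified analyzer has attested as differentially private. The lambda-calculus AST, the `Attestation` record, the analyzer name `dp-checker-v2`, and the function names are all constructed for this example.

```python
"""Hash-based vs equivalence-based naming of computation principals.

Added illustration, not code from the Coal paper. A principal named by the
hash of its source text changes identity under a bound-variable rename; a
principal named by a canonical form (de Bruijn indices, i.e. alpha-equivalence)
does not. The AST, attestation record and analyzer names are constructed.
"""
import hashlib
from dataclasses import dataclass
from typing import NamedTuple, Tuple, Union


@dataclass(frozen=True)
class Var:
    name: str


@dataclass(frozen=True)
class Lam:
    param: str
    body: "Term"


@dataclass(frozen=True)
class App:
    fn: "Term"
    arg: "Term"


Term = Union[Var, Lam, App]


def pretty(t: Term) -> str:
    """Source text of a term: the thing a hash-based scheme would hash."""
    if isinstance(t, Var):
        return t.name
    if isinstance(t, Lam):
        return f"(\\{t.param}. {pretty(t.body)})"
    return f"({pretty(t.fn)} {pretty(t.arg)})"


def hash_principal(source: str) -> str:
    """Identity-based naming: the principal is the hash of the code as written."""
    return hashlib.sha256(source.encode()).hexdigest()[:16]


def canonical(t: Term, env: Tuple[str, ...] = ()) -> str:
    """Canonical form with de Bruijn indices. Bound names disappear, so two
    alpha-equivalent terms print identically; free variables keep their name."""
    if isinstance(t, Var):
        for depth, bound in enumerate(reversed(env)):  # innermost binder first
            if bound == t.name:
                return f"#{depth}"
        return f"free:{t.name}"
    if isinstance(t, Lam):
        return f"(\\ {canonical(t.body, env + (t.param,))})"
    return f"({canonical(t.fn, env)} {canonical(t.arg, env)})"


def equivalence_principal(t: Term) -> str:
    """Equivalence-based naming: hash the canonical form, not the source text."""
    return hashlib.sha256(canonical(t).encode()).hexdigest()[:16]


class Attestation(NamedTuple):
    analyzer: str    # principal that ran the analysis (constructed name)
    prop: str        # property claimed, e.g. "differentially_private"
    principal: str   # equivalence-based principal of the analyzed term


# Constructed: analyzers the policy author trusts because they carry a
# correctness proof. Claims from any other analyzer are ignored.
VERIFIED_ANALYZERS = frozenset({"dp-checker-v2"})


def authorized(term: Term, attestations, required: str = "differentially_private",
               verified=VERIFIED_ANALYZERS) -> bool:
    """Policy: grant access to any computation that some verified analyzer has
    attested to have the required property. Because the attestation names the
    equivalence-based principal, an alpha-renamed copy of the analyzed code is
    still authorized without being re-analyzed."""
    pid = equivalence_principal(term)
    return any(a.analyzer in verified and a.prop == required and a.principal == pid
               for a in attestations)


# Constructed sample terms: two spellings of the identity function and a
# different term (the K combinator) that looks similar on the surface.
IDENTITY_X = Lam("x", Var("x"))
IDENTITY_Y = Lam("y", Var("y"))
CONST_K = Lam("x", Lam("y", Var("x")))

# Constructed attestations: one from the verified analyzer, one from an unknown tool.
ATTESTATIONS = [
    Attestation("dp-checker-v2", "differentially_private", equivalence_principal(IDENTITY_X)),
    Attestation("homegrown-linter", "differentially_private", equivalence_principal(CONST_K)),
]

if __name__ == "__main__":
    for t in (IDENTITY_X, IDENTITY_Y, CONST_K):
        print(f"{pretty(t):16} hash={hash_principal(pretty(t))} "
              f"equiv={equivalence_principal(t)} authorized={authorized(t, ATTESTATIONS)}")
```

Running the script shows `(\x. x)` and `(\y. y)` receiving different hash-based principals but the same equivalence-based one, so the second is authorized on the strength of the attestation issued for the first, while `CONST_K` is refused because its only attestation comes from an analyzer outside the verified set. Alpha-equivalence is the crudest equivalence one can pick: it is cheap to decide, but beta-equivalent terms written differently still get distinct principals here, so this canonical form is a stand-in for, not a model of, the equivalence the abstract attributes to Coal.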


    Published In

SACMAT '23: Proceedings of the 28th ACM Symposium on Access Control Models and Technologies
May 2023, 218 pages
ISBN: 9798400701733
DOI: 10.1145/3589608

Publisher

Association for Computing Machinery, New York, NY, United States

    Author Tags

    1. access control and authorization
    2. authorization logics
    3. language-based security

    Acceptance Rates

    Overall Acceptance Rate 177 of 597 submissions, 30%

    Article Metrics

• Total Citations: 0
• Total Downloads: 72
• Downloads (Last 12 months): 28
• Downloads (Last 6 weeks): 2
Reflects downloads up to 22 Sep 2024