Variations in Access Control Logic

  • Martín Abadi
Part of the Lecture Notes in Computer Science book series (LNCS, volume 5076)

Abstract

In this paper we investigate the design space of access control logics. Specifically, we consider several possible axioms for the common operator says. Some of the axioms come from modal logic and programming-language theory; others are suggested by ideas from security, such as delegation of authority and the Principle of Least Privilege. We compare these axioms and study their implications.



Copyright information

© Springer-Verlag Berlin Heidelberg 2008

Authors and Affiliations

  • Martín Abadi (1)
  1. Microsoft Research, University of California, Santa Cruz
