Do As I SaY! Programmatic Access Control with Explicit Identities

Author

Cirillo, Andrew ; Jagadeesan, Radha ; Pitcher, Corin ; Riely, James

Author_Institution

DePaul Univ., Chicago

fYear

2007

fDate

6-8 July 2007

Firstpage

16

Lastpage

30

Abstract

We address the programmatic realization of the access control model of security in distributed systems. Our aim is to bridge the gap between abstract/declarative policies and their concrete/operational implementations. We present a programming formalism (which extends the asynchronous pi-calculus with explicit principals) and a specification logic (which extends Datalog with primitives from authorization logic). We provide two kinds of static analysis methods to tie implementation to specification. Type checking determines that a program is a sound implementation of policy; i.e., that all granted accesses are safe in the face of arbitrary opponents. Model checking determines a degree of completeness; i.e., that accesses permitted by the policy are actually granted in the implementation.

Keywords

DATALOG; authorisation; distributed processing; formal specification; pi calculus; program diagnostics; Datalog; abstract policy; asynchronous pi-calculus; authorization logic; declarative policy; distributed systems; model checking; programmatic access control; programmatic realization; programming formalism; specification logic; static analysis methods; type checking; Access control; Access protocols; Authentication; Authorization; Bridges; Concrete; Data security; Electronic mail; Lattices; Logic programming;

fLanguage

English

Publisher

ieee

Conference_Titel

Computer Security Foundations Symposium, 2007. CSF '07. 20th IEEE

Conference_Location

Venice

ISSN

1940-1434

Print_ISBN

0-7695-2819-8

Type

conf

DOI

10.1109/CSF.2007.19

Filename

4271638