Title :
Do As I SaY! Programmatic Access Control with Explicit Identities
Author :
Cirillo, Andrew ; Jagadeesan, Radha ; Pitcher, Corin ; Riely, James
Author_Institution :
DePaul Univ., Chicago
Abstract :
We address the programmatic realization of the access control model of security in distributed systems. Our aim is to bridge the gap between abstract/declarative policies and their concrete/operational implementations. We present a programming formalism (which extends the asynchronous pi-calculus with explicit principals) and a specification logic (which extends Datalog with primitives from authorization logic). We provide two kinds of static analysis methods to tie implementation to specification. Type checking determines that a program is a sound implementation of policy; i.e., that all granted accesses are safe in the face of arbitrary opponents. Model checking determines a degree of completeness; i.e., that accesses permitted by the policy are actually granted in the implementation.
Keywords :
DATALOG; authorisation; distributed processing; formal specification; pi calculus; program diagnostics; Datalog; abstract policy; asynchronous pi-calculus; authorization logic; declarative policy; distributed systems; model checking; programmatic access control; programmatic realization; programming formalism; specification logic; static analysis methods; type checking; Access control; Access protocols; Authentication; Authorization; Bridges; Concrete; Data security; Electronic mail; Lattices; Logic programming;
Conference_Titel :
Computer Security Foundations Symposium, 2007. CSF '07. 20th IEEE
Conference_Location :
Venice
Print_ISBN :
0-7695-2819-8
DOI :
10.1109/CSF.2007.19
