
Decentralized Access Control: Policy Languages and Logics


Presentation on theme: "Decentralized Access Control: Policy Languages and Logics"— Presentation transcript:

1 Decentralized Access Control: Policy Languages and Logics
Deepak Garg Foundations of Security and Privacy Fall 2009

2 Access Control: General Picture
Figure: a principal (authenticated with Username: alice, Password: ************) sends a request to perform an operation (e.g., enter house, check bank balance) to a reference monitor (guard). The guard consults the policy and decides whether to grant access to the resource.

3 Decentralized Policies
Figure: as before, but the reference monitor (guard) consults several policies held on different servers (Policy1 on Server1, Policy2 on Server2, Policy3 on Server3) before acting on the principal's request to perform an operation on the resource.
There is a delegation of trust (e.g., ACM -> CMU)

4 Decentralized Policy Distribution
Individual administrators (e.g., CMU and ACM) represent policies in certificates
Certificate = statement + digital signature
Certificates are also called credentials
Example statements carried in certificates:
  Alice is a member of CMU
  For all U, M. ((U has a subscription) and (M is a member of U)) imply (M has free access)
  CMU has a subscription

5 Example of Distributed Access
Figure: Alice asks ACM to download paper.pdf. ACM's inference finds a certificate missing and replies "Prove that you are a member of CMU". Alice obtains the certificate from CMU and presents it; ACM checks the certificate, and inference now allows access to paper.pdf.

6 Certificate Verification and Inference
Certificate verification and inference are very important
Figure: the same exchange as on slide 5 (download paper.pdf; prove that you are a member of CMU; inference: certificate missing; check certificate; inference: allow access), annotated with the two steps below.
Certificate verification: policy rules and facts are authentic (PKI helps)
Inference: deduce permissions from rules and facts

7 Policy Languages and Logics
What language is used to write policy statements and infer permissions from them?
Example statement: For all U, M. ((U has a subscription) and (M is a member of U)) imply (M has free access)
Principled approaches:
  Declarative languages, e.g., RT, SecPAL, Cassandra, Binder
  Logics, e.g., ABLP, GP, BL
The same statement as a logical formula: ∀ U, M. ((hasSubscription(U) ∧ isMember(M,U)) ⊃ hasFreeAccess(M))

8 In This Lecture ...
Frameworks for expressing decentralized policies and inferring permissions
Policy languages
  One modern example, SecPAL [BFG'07]
  Syntax
  Inference system
Access control logics
  One example from my own research
  Inference system (proof theory)

9 Security Policy Assertion Language (SecPAL)

10 ACM Example in SecPAL
ACM's policy:
  hasFreeAccess(M) if hasSubscription(U), isMember(M,U)
  hasSubscription(CMU)
CMU's statement:
  isMember(Alice,CMU)
Note: Uppercase letters (M, U) are universally quantified variables. Others (Alice, CMU) are constants.

11 Where's the Delegation?
ACM's policy:
  hasFreeAccess(M) if hasSubscription(U), isMember(M,U)
  hasSubscription(CMU)
CMU's statement:
  isMember(Alice,CMU)
What here says that ACM trusts CMU to decide its members? Nothing so far!

12 Delegation in SecPAL
ACM's policy:
  hasFreeAccess(M) if hasSubscription(U), isMember(M,U)
  hasSubscription(CMU)
  CMU cansay isMember(M,CMU)
CMU's statement:
  isMember(Alice,CMU)

13 Delegation in SecPAL
ACM's policy:
  hasFreeAccess(M) if hasSubscription(U), isMember(M,U)
  hasSubscription(CMU)
  (U cansay isMember(M,U)) if hasSubscription(U)
CMU's statement:
  isMember(Alice,CMU)

14 Syntax of SecPAL Statements
Variable X
Principal A ::= Alice | Bob | … | X
Term t ::= X | A | ...
Fact f ::= A cansay f | p(t1,...,tn)
Statement s ::= f if f1, ..., fn

15 ACM Example Revisited: Technical Problem
Figure: the exchange of slide 5 (download paper.pdf; prove that you are a member of CMU; inference: certificate missing; check certificate; inference: allow access).
Technical problem: How is the origin of a certificate represented in the formal language? (This is necessary for writing inference rules)

16 The says Keyword and Assertions
Variable X
Principal A ::= Alice | Bob | … | X
Term t ::= X | A | ...
Fact f ::= A cansay f | p(t1,...,tn)
Statement s ::= f if f1, ..., fn
Assertion a ::= A says s

17 Certificates to Assertions
Inference is performed over assertions, not certificates
Figure: certificates are turned into assertions before they reach the inference engine at ACM's server:
  ACM's certificate "hasFreeAccess(M) if hasSubscription(U), isMember(M,U)" becomes ACM says (hasFreeAccess(M) if hasSubscription(U), isMember(M,U))
  CMU's certificate "isMember(Alice,CMU)" becomes CMU says (isMember(Alice,CMU))

18 Inference in the ACM Example
Figure: the exchange of slide 5 (download paper.pdf; prove that you are a member of CMU; inference: certificate missing; check certificate; inference: allow access), now showing the inference engine in ACM's server. SecPAL assertions imported from certificates (ACM says ..., CMU says ...) are fed to SecPAL inference, which yields access for Alice.

19 Summary of Assertions and Inference
Figure: Certificates -> (certificate checking) -> SecPAL assertions (ACM says ..., CMU says ...) -> (SecPAL inference) -> derived SecPAL assertions (ACM says ..., CMU says ..., ...)

20 SecPAL Inference System
Combine assertions to deduce more assertions
Inference rules: definition of inference (focus on this)
Implementation:
  Translate SecPAL into Datalog for efficiency
  Use an inference engine over Datalog (standard, non-trivial to build)
  Theorem that SecPAL inference rules and Datalog inference over translated assertions have the same consequences

21 SecPAL Inference Rules
Judgment: AC ▶ A says f
  AC: list of assertions imported from certificates
  A says f: derived assertion

Rule for conditional assertions:
  (A says (f if f1,...,fn)) ∈ AC    AC ▶ A says fi (for each i)
  --------------------------------------------------------------
  AC ▶ A says f

Rule for delegation (cansay):
  AC ▶ A says (B cansay f)    AC ▶ B says f
  -----------------------------------------
  AC ▶ A says f

22 Inference for the ACM Example
Assertions imported from certificates:
  (1) ACM says (hasFreeAccess(M) if hasSubscription(U), isMember(M,U))
  (2) ACM says (hasSubscription(CMU))
  (3) ACM says ((U cansay isMember(M,U)) if hasSubscription(U))
  (4) CMU says (isMember(Alice,CMU))
Goal (to show): ACM says (hasFreeAccess(Alice))
SecPAL inference:
  (5) ACM says (CMU cansay isMember(Alice,CMU))   from (2,3)
  (6) ACM says (isMember(Alice,CMU))              from (5,4)
  (7) ACM says (hasFreeAccess(Alice))             from (1,2,6)
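The derivation above, run mechanically: an added example (not code from the lecture or from SecPAL's implementation) of a small forward-chaining evaluator for the two inference rules of slide 21, applied to the four assertions of slide 22. The term encoding (facts as nested tuples, single uppercase letters as variables) is my own assumption; the same evaluator also shows that without the delegation assertion (3), as on slide 11, Alice is not granted access.

```python
# Variables are single uppercase letters (M, U); all other strings are constants.
def is_var(t):
    return isinstance(t, str) and len(t) == 1 and t.isupper()
def subst(f, s):  # apply substitution s to a (nested tuple) fact
    return tuple(subst(x, s) for x in f) if isinstance(f, tuple) else s.get(f, f)
def unify(pat, fact, s):  # extend s so that pattern pat matches fact, else None
    if isinstance(pat, tuple):
        if not isinstance(fact, tuple) or len(pat) != len(fact):
            return None
        for p, g in zip(pat, fact):
            s = unify(p, g, s)
            if s is None:
                return None
        return s
    if is_var(pat) and pat not in s:
        return {**s, pat: fact}
    return s if s.get(pat, pat) == fact else None
def matches(a, body, known, s):  # substitutions under which A says each body fact is known
    if not body:
        yield s
        return
    for b, f in known:
        s2 = unify(body[0], f, s) if b == a else None
        if s2 is not None:
            yield from matches(a, body[1:], known, s2)
def infer(ac):  # forward-chain the two rules of slide 21 to a fixpoint -> {(A, fact)}
    known = set()
    while True:
        new = set()
        for a, head, body in ac:  # rule 1: A says (f if f1..fn) in AC and A says each fi
            for s in matches(a, body, known, {}):
                new.add((a, subst(head, s)))
        for a, f in known:  # rule 2: A says (B cansay f) and B says f  =>  A says f
            if f[0] == 'cansay':
                for b, g in known:
                    s = unify(f[2], g, {}) if b == f[1] else None
                    if s is not None:
                        new.add((a, subst(f[2], s)))
        if new <= known:
            return known
        known |= new
# The four assertions of slide 22 (constructed here): (principal, head fact, body facts).
AC = [('ACM', ('hasFreeAccess', 'M'), [('hasSubscription', 'U'), ('isMember', 'M', 'U')]),
      ('ACM', ('hasSubscription', 'CMU'), []),
      ('ACM', ('cansay', 'U', ('isMember', 'M', 'U')), [('hasSubscription', 'U')]),
      ('CMU', ('isMember', 'Alice', 'CMU'), [])]
def allowed(ac, principal):  # does ac prove ACM says hasFreeAccess(principal)?
    return ('ACM', ('hasFreeAccess', principal)) in infer(ac)
if __name__ == '__main__':
    print(allowed(AC, 'Alice'), allowed(AC[:2] + AC[3:], 'Alice'))  # True False
```

Printing infer(AC) lists exactly the assertions (1) to (7) above in derived form, with (5) carrying the variable M before rule 2 instantiates it.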

23 Further Expressiveness: Constraints
Variable X
Principal A ::= Alice | Bob | … | X
Term t ::= X | A | ...
Fact f ::= A cansay f | p(t1,...,tn)
Statement s ::= f if f1, ..., fn, c
Assertion a ::= A says s
Constraint c ::= t1 <= t2 | inSet(t1,t2) | ...

24 Examples with Constraints
Time-limited credentials: CMU says (isMember(Alice,CMU) if currentYear <= 2009)
MLS: FileServer says (mayread(M,F) if level(F) <= level(M))
Separation of duty: can-authorize-payment(R,P) = Bank says isManager(R), Bank says initiated(X,P), X <> R

25 Summary of SecPAL
Syntax for representing policy statements
Certificates are imported into SecPAL as assertions
Formal rules for inference over assertions: deduce new assertions from existing ones
Implementation via translation to Datalog, with a formal theorem of correctness

26 Access Control Logics (a.k.a. Policy Logics)

27 From Policy Languages to Logics
Policy languages, e.g. SecPAL:
  Contain custom constructs like (A says s) and (A cansay f)
  Provide inference rules for interpreting constructs
Do the constructs have a logical interpretation? What are their formal semantics and proof theory?
Access control logics seek to answer these questions

28 Access Control Logics
Access control logic: a logic designed for representing access policies
E.g.: ABLP, GP, ICL, DCC, BL, …
Focus of access control logics is foundations (semantics, proof theory): understand connectives like says
Can also be used practically like policy languages, with better foundations: Grey (next lecture), PCFS (my thesis), Nexus (Cornell)

29 An Access Control Logic
Variously known as GP, ICL, CDD [GP'06, Aba'06, GA'08]
Builds on intuitionistic first-order logic
Only "access control" construct is (A says s)
Both semantics and proof theory have been investigated; focus on proof theory here
For details, see related handout
