DOI: 10.1145/1455770.1455818
Research article

EON: modeling and analyzing dynamic access control systems with logic programs

Published: 27 October 2008

Abstract

We present EON, a logic-programming language and tool that can be used to model and analyze dynamic access control systems. Our language extends Datalog with some carefully designed constructs that allow the introduction and transformation of new relations. For example, these constructs can model the creation of processes and objects, and the modification of their security labels at runtime. The information-flow properties of such systems can be analyzed by asking queries in this language. We show that query evaluation in EON can be reduced to decidable query satisfiability in a fragment of Datalog, and further, under some restrictions, to efficient query evaluation in Datalog. We implement these reductions in our tool, and demonstrate its scope through several case studies. In particular, we study in detail the dynamic access control models of the Windows Vista and Asbestos operating systems. We also automatically prove the security of a webserver running on Asbestos.
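The abstract's central idea is that information-flow questions about a system whose processes, objects and labels change at runtime can be answered by Datalog query evaluation. The following Python block is an added illustration of that idea and is not EON's syntax, EON's encoding, or the authors' code: it implements a minimal bottom-up Datalog evaluator and models a constructed three-state trace of one process and two objects under a two-level label lattice. Where EON supplies dedicated constructs for creating and relabelling entities, this example simply gives every relation an explicit state argument (an assumption made here for illustration). The relation names (`proc`, `obj`, `label`, `leq`, `succ`, `canread`, `canwrite`, `flow`, `reach`), the lattice and the trace are all constructed for the example.

```python
"""Toy Datalog evaluator over a dynamic, label-based access control trace.

Added illustration, not EON: every relation carries a state index so that a
changing system can be analysed by plain fixpoint evaluation (assumption made
for this example). The trace, lattice and relation names are constructed.
"""


def is_var(term):
    """Variables are capitalised strings; anything else is a constant."""
    return isinstance(term, str) and term[:1].isupper()


def unify(atom, fact, env):
    """Extend env so that atom's arguments match the fact, or return None."""
    env = dict(env)
    for term, value in zip(atom[1:], fact):
        if is_var(term):
            if term in env and env[term] != value:
                return None
            env[term] = value
        elif term != value:
            return None
    return env


def matches(body, db, env):
    """Enumerate variable bindings that satisfy every atom of a rule body."""
    if not body:
        yield env
        return
    atom, rest = body[0], body[1:]
    for fact in list(db.get(atom[0], ())):
        if len(fact) == len(atom) - 1:
            extended = unify(atom, fact, env)
            if extended is not None:
                yield from matches(rest, db, extended)


def eval_datalog(facts, rules):
    """Naive bottom-up evaluation to a fixpoint; terminates on a finite domain."""
    db = {pred: set(tuples) for pred, tuples in facts.items()}
    changed = True
    while changed:
        changed = False
        for head, body in rules:
            for env in matches(body, db, {}):
                derived = tuple(env[t] if is_var(t) else t for t in head[1:])
                if derived not in db.setdefault(head[0], set()):
                    db[head[0]].add(derived)
                    changed = True
    return db


# Constructed trace: process p starts low, is raised to high in state 1
# (so it may read the high object), then lowered back to low in state 2.
STATES = [0, 1, 2]
FACTS = {
    "succ": {(0, 1), (1, 2)},                          # state ordering
    "leq": {("low", "low"), ("low", "high"), ("high", "high")},  # lattice
    "proc": {(t, "p") for t in STATES},
    "obj": {(t, o) for t in STATES for o in ("secret", "pub")},
    "label": {(t, "secret", "high") for t in STATES}
    | {(t, "pub", "low") for t in STATES}
    | {(0, "p", "low"), (1, "p", "high"), (2, "p", "low")},
}

# Rules: no-read-up / no-write-down checks, one-step flows, and a reach
# relation that persists across states and extends only by later flows.
RULES = [
    (("canread", "T", "P", "O"), [("proc", "T", "P"), ("obj", "T", "O"),
                                  ("label", "T", "O", "LO"), ("label", "T", "P", "LP"),
                                  ("leq", "LO", "LP")]),
    (("canwrite", "T", "P", "O"), [("proc", "T", "P"), ("obj", "T", "O"),
                                   ("label", "T", "O", "LO"), ("label", "T", "P", "LP"),
                                   ("leq", "LP", "LO")]),
    (("flow", "T", "O", "P"), [("canread", "T", "P", "O")]),
    (("flow", "T", "P", "O"), [("canwrite", "T", "P", "O")]),
    (("reach", "T", "X", "Y"), [("flow", "T", "X", "Y")]),
    (("reach", "T2", "X", "Y"), [("reach", "T1", "X", "Y"), ("succ", "T1", "T2")]),
    (("reach", "T", "X", "Z"), [("reach", "T", "X", "Y"), ("flow", "T", "Y", "Z")]),
]


def analyze():
    """Evaluate the constructed trace and return the derived database."""
    return eval_datalog(FACTS, RULES)


def holds(db, pred, *args):
    """Ground query: is pred(args) derivable?"""
    return tuple(args) in db.get(pred, set())


if __name__ == "__main__":
    db = analyze()
    for t in STATES:
        print(f"state {t}: secret reaches pub? {holds(db, 'reach', t, 'secret', 'pub')}")
```

The query `reach(T, secret, pub)` is false in states 0 and 1 and becomes true in state 2: the relabelling sequence lets the process absorb high data while high and then write it to the low object after being lowered. The point of the encoding is that the dynamic behaviour (relabelling) is captured entirely by facts indexed on the state, so the ordinary Datalog fixpoint answers the information-flow question; the ordering of `reach` before `flow` in the last rule keeps derivations consistent with the order of states.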



Published In

CCS '08: Proceedings of the 15th ACM conference on Computer and communications security
October 2008
590 pages
ISBN:9781595938107
DOI:10.1145/1455770
Permission to make digital or hard copies of all or part of this work for personal or classroom use is granted without fee provided that copies are not made or distributed for profit or commercial advantage and that copies bear this notice and the full citation on the first page. Copyrights for components of this work owned by others than ACM must be honored. Abstracting with credit is permitted. To copy otherwise, or republish, to post on servers or to redistribute to lists, requires prior specific permission and/or a fee. Request permissions from [email protected]

Publisher

Association for Computing Machinery

New York, NY, United States


Author Tags

  1. automatic verification
  2. dynamic access control
  3. logic programming

Qualifiers

  • Research-article

Conference

CCS08
Acceptance Rates

CCS '08 Paper Acceptance Rate 51 of 280 submissions, 18%;
Overall Acceptance Rate 1,261 of 6,999 submissions, 18%

Article Metrics

  • Downloads (Last 12 months)6
  • Downloads (Last 6 weeks)1
Reflects downloads up to 18 Feb 2025

Cited By

  • (2019) CMCAP. Proceedings of the 24th ACM Symposium on Access Control Models and Technologies, pp. 207-212. doi:10.1145/3322431.3325414. Online publication date: 28-May-2019.
  • (2018) iOracle. Proceedings of the 2018 on Asia Conference on Computer and Communications Security, pp. 117-131. doi:10.1145/3196494.3196527. Online publication date: 29-May-2018.
  • (2014) Evaluating and comparing the quality of access control in different operating systems. Computers and Security, 47:C, pp. 26-40. doi:10.1016/j.cose.2014.05.001. Online publication date: 1-Nov-2014.
  • (2013) Quantitatively Measure Access Control Mechanisms across Different Operating Systems. Proceedings of the 2013 IEEE 7th International Conference on Software Security and Reliability, pp. 50-59. doi:10.1109/SERE.2013.12. Online publication date: 18-Jun-2013.
  • (2013) Analysis of Communicating Authorization Policies. Security and Trust Management, pp. 97-112. doi:10.1007/978-3-642-38004-4_7. Online publication date: 2013.
  • (2013) Modeling and Checking the Security of DIFC System Configurations. Automated Security Management, pp. 21-38. doi:10.1007/978-3-319-01433-3_2. Online publication date: 17-Sep-2013.
  • (2012) An operating system for the home. Proceedings of the 9th USENIX conference on Networked Systems Design and Implementation, pp. 25-25. doi:10.5555/2228298.2228332. Online publication date: 25-Apr-2012.
  • (2012) Foundations of Dynamic Access Control. Information Systems Security, pp. 44-58. doi:10.1007/978-3-642-35130-3_4. Online publication date: 2012.
  • (2011) Poster. Proceedings of the 18th ACM conference on Computer and communications security, pp. 873-876. doi:10.1145/2046707.2093515. Online publication date: 17-Oct-2011.
  • (2011) SEAL. Proceedings of the 16th ACM symposium on Access control models and technologies, pp. 83-92. doi:10.1145/1998441.1998454. Online publication date: 15-Jun-2011.