DOI: 10.1145/1542207.1542216
Research article

xDomain: cross-border proofs of access

Published: 03 June 2009

Abstract

A number of research systems have demonstrated the benefits of accompanying each request with a machine-checkable proof that the request complies with access-control policy, a technique called proof-carrying authorization. Numerous authorization logics have been proposed as vehicles by which these proofs can be expressed and checked. A challenge in building such systems is how to allow delegation between institutions that use different authorization logics. Instead of trying to develop the one authorization logic that all institutions should use, we propose a framework for interfacing different, mutually incompatible authorization logics. Our framework provides a very small set of primitives that defines an interface for communication between different logics without imposing any fundamental constraints on their design or nature. We illustrate by example that a variety of different logics can communicate over this interface, and show formally that supporting the interface does not impinge on the integrity of each individual logic. We also describe an architecture for constructing authorization proofs that contain components from different logics, and report on the performance of a prototype proof checker.

References

[1] M. Abadi, M. Burrows, B. Lampson, and G. D. Plotkin. A calculus for access control in distributed systems. ACM Transactions on Programming Languages and Systems, 15(4):706--734, Sept. 1993.
[2] M. Abadi, E. Wobber, M. Burrows, and B. Lampson. Authentication in the Taos operating system. In Proceedings of the 14th ACM Symposium on Operating System Principles, pages 256--269, Dec. 1993.
[3] A. W. Appel and E. W. Felten. Proof-carrying authentication. In Proceedings of the 6th ACM Conference on Computer and Communications Security, 1999.
[4] D. Balfanz, D. Dean, and M. Spreitzer. A security infrastructure for distributed Java applications. In Proceedings of the 2000 IEEE Symposium on Security and Privacy, 2000.
[5] L. Bauer. Access Control for the Web via Proof-carrying Authorization. PhD thesis, Princeton University, Nov. 2003.
[6] L. Bauer, S. Garriss, J. M. McCune, M. K. Reiter, J. Rouse, and P. Rutenbar. Device-enabled authorization in the Grey system. In Information Security: 8th International Conference, ISC 2005, volume 3650 of Lecture Notes in Computer Science, pages 431--445, Sept. 2005.
[7] L. Bauer, S. Garriss, and M. K. Reiter. Distributed proving in access-control systems. In Proceedings of the 2005 IEEE Symposium on Security and Privacy, 2005.
[8] L. Bauer, S. Garriss, and M. K. Reiter. Efficient proving for practical distributed access-control systems. In Computer Security - ESORICS 2007: 12th European Symposium on Research in Computer Security, volume 4734 of Lecture Notes in Computer Science, pages 19--37, Sept. 2007.
[9] L. Bauer, L. Jia, M. K. Reiter, and D. Swasey. xDomain: Cross-border proofs of access. Technical Report CMU-CyLab-09-005, CyLab, Carnegie Mellon University, Mar. 2009.
[10] M. Blaze, J. Feigenbaum, J. Ioannidis, and A. D. Keromytis. The KeyNote trust-management system, version 2. IETF RFC 2704, 1999.
[11] K. D. Bowers, L. Bauer, D. Garg, F. Pfenning, and M. K. Reiter. Consumable credentials in logic-based access-control systems. In Proceedings of the 2007 Network and Distributed System Security Symposium, pages 143--157, Feb. 2007.
[12] J. DeTreville. Binder, a logic-based security language. In Proceedings of the 2002 IEEE Symposium on Security and Privacy, 2002.
[13] H. DeYoung, D. Garg, and F. Pfenning. An authorization logic with explicit time. In Proceedings of the 21st IEEE Symposium on Computer Security Foundations (CSF-21), 2008.
[14] D. Garg, L. Bauer, K. D. Bowers, F. Pfenning, and M. K. Reiter. A linear logic of authorization and knowledge. In Computer Security - ESORICS 2006: 11th European Symposium on Research in Computer Security, volume 4189 of Lecture Notes in Computer Science, pages 297--312, Sept. 2006.
[15] D. Garg and F. Pfenning. Non-interference in constructive authorization logic. In Proceedings of the 19th Computer Security Foundations Workshop (CSFW'06), 2006.
[16] M. J. C. Gordon and T. F. Melham. Introduction to HOL: A Theorem Proving Environment for Higher Order Logic. Cambridge University Press, 1993.
[17] J. Halpern and R. van der Meyden. A logic for SDSI's linked local name spaces. Journal of Computer Security, 9(1-2):47--74, 2001.
[18] J. Y. Halpern and V. Weissman. Using first-order logic to reason about policies. In Proceedings of the 16th IEEE Computer Security Foundations Workshop, pages 187--201, June 2003.
[19] R. Harper, F. Honsell, and G. Plotkin. A framework for defining logics. Journal of the Association for Computing Machinery, 40(1):143--184, 1993.
[20] J. Howell. Naming and sharing resources across administrative boundaries. PhD thesis, Dartmouth College, May 2000.
[21] J. Howell and D. Kotz. A formal semantics for SPKI. In Proceedings of the 6th European Symposium on Research in Computer Security, pages 140--158, 2000.
[22] B. Lampson, M. Abadi, M. Burrows, and E. Wobber. Authentication in distributed systems: Theory and practice. ACM Transactions on Computer Systems, 10(4):265--310, 1992.
[23] C. Lesniewski-Laas, B. Ford, J. Strauss, R. Morris, and M. F. Kaashoek. Alpaca, a proof-carrying authentication framework for cryptographic primitives and protocols. In Proceedings of the 14th ACM Conference on Computer and Communications Security, 2007.
[24] N. Li, B. N. Grosof, and J. Feigenbaum. Delegation logic: A logic-based approach to distributed authorization. ACM Transactions on Information and System Security, 6(1):128--171, Feb. 2003.
[25] N. Li, J. C. Mitchell, and W. H. Winsborough. Design of a role-based trust management framework. In Proceedings of the 2002 IEEE Symposium on Security and Privacy, 2002.
[26] K. Minami and D. Kotz. Secure context-sensitive authorization. Journal of Pervasive and Mobile Computing, 1(1), 2005.
[27] G. C. Necula. Proof-carrying code. In N. D. Jones, editor, Proceedings of the Symposium on Principles of Programming Languages, pages 106--119, Jan. 1997.
[28] G. C. Necula. Compiling with Proofs. PhD thesis, Carnegie Mellon University, Oct. 1998.
[29] F. Pfenning. Structural cut elimination: I. Intuitionistic and classical logic. Information and Computation, 157(1/2):84--141, Mar. 2000.
[30] F. Pfenning and C. Schürmann. System description: Twelf, a meta-logical framework for deductive systems. In Proceedings of the 16th International Conference on Automated Deduction (CADE-16), pages 202--206, 1999.
[31] The Coq Development Team. The Coq Proof Assistant Reference Manual. LogiCal Project, 2006.

Cited By

  • (2015) Multi-tenancy authorization models for collaborative cloud services. Concurrency and Computation: Practice & Experience, 27(11):2851--2868, 10 Aug. 2015. doi:10.1002/cpe.3446
  • (2013) A multi-tenant RBAC model for collaborative cloud services. In 2013 Eleventh Annual Conference on Privacy, Security and Trust, pages 229--238, July 2013. doi:10.1109/PST.2013.6596058
  • (2013) Cross-tenant trust models in cloud computing. In 2013 IEEE 14th International Conference on Information Reuse & Integration (IRI), pages 129--136, Aug. 2013. doi:10.1109/IRI.2013.6642463
  • (2013) Multi-tenancy authorization models for collaborative cloud services. In 2013 International Conference on Collaboration Technologies and Systems (CTS), pages 132--138, May 2013. doi:10.1109/CTS.2013.6567218
  • (2010) Constraining credential usage in logic-based access control. In Proceedings of the 2010 23rd IEEE Computer Security Foundations Symposium, pages 154--168, 17 July 2010. doi:10.1109/CSF.2010.18

Published In

SACMAT '09: Proceedings of the 14th ACM symposium on Access control models and technologies
June 2009
258 pages
ISBN:9781605585376
DOI:10.1145/1542207
Permission to make digital or hard copies of all or part of this work for personal or classroom use is granted without fee provided that copies are not made or distributed for profit or commercial advantage and that copies bear this notice and the full citation on the first page. Copyrights for components of this work owned by others than ACM must be honored. Abstracting with credit is permitted. To copy otherwise, or republish, to post on servers or to redistribute to lists, requires prior specific permission and/or a fee. Request permissions from [email protected]

Publisher

Association for Computing Machinery, New York, NY, United States

Author Tags

  1. distributed authorization
  2. logic-based access control
  3. trust management

Conference

SACMAT '09

Acceptance Rates

SACMAT '09 paper acceptance rate: 24 of 75 submissions, 32%
Overall acceptance rate: 177 of 597 submissions, 30%

Article Metrics

  • Downloads (Last 12 months)1
  • Downloads (Last 6 weeks)0
Reflects downloads up to 13 Feb 2025
