Nexus authorization logic (NAL): Design rationale and applications

Q Engineering

ACM Transactions on Information and System Security Pub Date : 2011-05-01 DOI:10.1145/1952982.1952990

F. Schneider, Kevin Walsh, E. G. Sirer

引用次数: 80

Abstract

Nexus Authorization Logic (NAL) provides a principled basis for specifying and reasoning about credentials and authorization policies. It extends prior access control logics that are based on “says” and “speaks for” operators. NAL enables authorization of access requests to depend on (i) the source or pedigree of the requester, (ii) the outcome of any mechanized analysis of the requester, or (iii) the use of trusted software to encapsulate or modify the requester. To illustrate the convenience and expressive power of this approach to authorization, a suite of document-viewer applications was implemented to run on the Nexus operating system. One of the viewers enforces policies that concern the integrity of excerpts that a document contains; another viewer enforces confidentiality policies specified by labels tagging blocks of text.

查看原文本刊更多论文

Nexus授权逻辑(NAL):设计原理和应用程序

Nexus授权逻辑(NAL)为指定和推理凭证和授权策略提供了一个有原则的基础。它扩展了基于“说”和“说”操作符的优先访问控制逻辑。NAL允许访问请求的授权依赖于(i)请求者的来源或血统，(ii)对请求者的任何机械化分析的结果，或(iii)使用可信软件来封装或修改请求者。为了说明这种授权方法的便利性和表现力，实现了一套在Nexus操作系统上运行的文档查看器应用程序。其中一个查看器执行与文档包含的摘录的完整性有关的策略;另一个查看器执行通过标记文本块的标签指定的机密策略。

本文章由计算机程序翻译，如有差异，请以英文原文为准。

求助全文

约1分钟内获得全文求助全文

来源期刊

ACM Transactions on Information and System Security 工程技术-计算机：信息系统

CiteScore

4.50

自引率

0.00%

发文量

审稿时长

3.3 months

期刊介绍： ISSEC is a scholarly, scientific journal that publishes original research papers in all areas of information and system security, including technologies, systems, applications, and policies.