EON: Modeling and analyzing dynamic access control systems with logic programs

Proceedings of the ACM Conference on Computer and Communications Security

Volumn , Issue , 2008, Pages 381-390

  Chaudhuri, Avik ^a   Naldurg, Prasad ^b   Rajamani, Sriram K ^b   Ramalingam, G ^b   Velaga, Lakshmisubrahmanyam ^c  

^a UNIVERSITY OF CALIFORNIA   (United States)

^b MICROSOFT RESEARCH   (United States)

^c INDIAN INSTITUTE OF MANAGEMENT BANGALORE   (India)

Author keywords

Automatic verification; Dynamic access control; Logic programming

Indexed keywords

AUTOMATIC VERIFICATION; DATALOG; DYNAMIC ACCESS CONTROL; EFFICIENT QUERY EVALUATION; INFORMATION FLOWS; LOGIC PROGRAMS; OPERATING SYSTEMS; PROGRAMMING LANGUAGE; QUERY EVALUATION; RUNTIMES; SATISFIABILITY; SECURITY LABEL; WINDOWS VISTA;

ASBESTOS; COMPUTABILITY AND DECIDABILITY; COMPUTER OPERATING SYSTEMS; COMPUTER SOFTWARE SELECTION AND EVALUATION; LINGUISTICS; LOGIC PROGRAMMING; SECURITY SYSTEMS;

ACCESS CONTROL;

EID: 70349289357     PISSN: 15437221     EISSN: None     Source Type: Conference Proceeding    
DOI: 10.1145/1455770.1455818     Document Type: Conference Paper

References (21)

1. M. Abadi and Z. Manna. Temporal logic programming. Journal of Symbolic Computing, 8(3):277-295, 1989.
2. M. Becker, C. Fournet, and A. Gordon. Design and semantics of a decentralized authorization language. In CSF'07: Computer Security Foundations Symposium. IEEE, 2007.
3. D. E. Bell and L. J. LaPadula. Secure computer systems: Mathematical foundations and model. Technical Report M74-244, MITRE Corp., 1975.
4. K. J. Biba. Integrity considerations for secure computer systems. Technical Report TR-3 153, MITRE Corp., 1977.
5. B. Blanchet. An efficient cryptographic protocol verifier based on prolog rules. In CSFW'01: Computer Security Foundations Workshop, page 82. IEEE, 2001.
6. A. Chaudhuri, P. Naldurg, and S. Rajamani. A type system for data-flow integrity on Windows Vista. In PLAS'08: Programming Languages and Analysis for Security, pages 89-100. ACM, 2008.
7. A. Chaudhuri, P. Naldurg, S. Rajamani, G. Ramalingam, and L. Velaga. EON: Modeling and analyzing dynamic access control systems with logic programs. Technical Report MSR-TR-2008-21, Microsoft Research, 2008. See http: //www.soe.ucsc.edu/̃avik/projects/EON/.
8. M. Conover. Analysis of the windows vista security model. Symantec Report. Available at www.symantec.com/avcenter/reference/Windows-Vista-Security- Model-Analysis.pdf.
9. D. E. Denning, A lattice model of secure information flow. Communications of the ACM, 19(5):236-243, 1976.
10. D. J. Dougherty, K. Fisler, and S. Krishnamurthi. Specifying and reasoning about dynamic access-control policies. In IJCAR '06: International Joint Conference on Automated Reasoning, 2006.
11. P. Efstathopoulos, M. Krohn, S. VanDeBogart, C. Frey, D. Ziegler, E. Kohler, D. Maziéres, F. Kaashoek, and R. Morris. Labels and event processes in the Asbestos operating system. In SOSP '05: Symposium on Operating Systems Principles, pages 17-30. ACM, 2005.
12. A. Y. Halevy, I. S. Mumick, Y. Sagiv, and O. Shmueli. Static analysis in datalog extensions. Journal of the ACM, 48(5):971-1012, 2001.
13. M. A. Harrison, W. L. Ruzzo, and J. D. Ullman. On protection in operating systems. In SOSP'75: Symposium on Operating systems Principles, pages 14-24. ACM, 1975.
14. B. W. Lampson. Protection. ACM Operating Systems Review, 8(1):l8-24, Jan 1974.
15. P. Loscocco, S. Smalley, P. Muckelbauer, R. Taylor, J. Turner, and J. Farrell. The inevitability of failure: The flawed assumption of security in modern computing environments. Technical report, NSA, 1995.
16. P. Naldurg, S. Schwoon, S. Rajamani, and J. Lambert. Netra: seeing through access control. In FMSE'06: Formal Methods in Security Engineering, pages 55-66. ACM, 2006.
17. M. A. Orgun. On temporal deductive databases. Computational Intelligence, 12:235-259, 1996.
18. B. Sarna-Starosta and S. D. Stoller. Policy analysis for security-enhanced linux. In WITS'04: Workshop on Issues in the Theory of Security, 2004. Available at http://www.Cs.sunysb.edu/̃stoller/ WIT52004.html.
19. S. D. Stoller, P. Yang, C. Ramakrishnan, and M. I. Gofman. Efficient policy analysis for administrative role based access control. In CCS'07. conference on Computer and Communications Security. ACM, 2007.
20. J. D. Ullman. Principles of Database and Knowledge-base Systems, Volume II: The New Technologies. Computer Science Press, New York, 1989.
21. S. Zdancewic and A. C. Myers. Robust declassification. In CSFW'01: Computer Security Foundations Workshop, pages 5-16. IEEE, 2001.