ACM Portal
  Subscribe (Full Service)    Register (Limited Service, Free)    Login
  Search:   The ACM Digital Library   The Guide
  
ACM Home Page
Please provide us with feedback. Feedback
EON: modeling and analyzing dynamic access control systems with logic programs
Full text PdfPdf (224 KB)
Source
Conference on Computer and Communications Security archive
Proceedings of the 15th ACM conference on Computer and communications security table of contents
Alexandria, Virginia, USA
SESSION: Formal methods 2 table of contents
Pages 381-390  
Year of Publication: 2008
ISBN:978-1-59593-810-7
Authors
Avik Chaudhuri  University of California, Santa Cruz, Santa Cruz, CA, USA
Prasad Naldurg  Microsoft Research India, Bangalore, India
Sriram K. Rajamani  Microsoft Research India, Bangalore, India
G. Ramalingam  Microsoft Research India, Bangalore, India
Lakshmisubrahmanyam Velaga  Indian Institute of Management, Bangalore, India
Sponsors
ACM: Association for Computing Machinery
SIGSAC: ACM Special Interest Group on Security, Audit, and Control
Publisher
ACM  New York, NY, USA
Bibliometrics
Downloads (6 Weeks): 14,   Downloads (12 Months): 166,   Citation Count: 0
Additional Information:

abstract   references   index terms   collaborative colleagues  

Tools and Actions: Request Permissions Request Permissions    Review this Article  
DOI Bookmark: Use this link to bookmark this Article: http://doi.acm.org/10.1145/1455770.1455818
What is a DOI?

ABSTRACT

We present EON, a logic-programming language and tool that can be used to model and analyze dynamic access control systems. Our language extends Datalog with some carefully designed constructs that allow the introduction and transformation of new relations. For example, these constructs can model the creation of processes and objects, and the modification of their security labels at runtime. The information-flow properties of such systems can be analyzed by asking queries in this language. We show that query evaluation in EON can be reduced to decidable query satisfiability in a fragment of Datalog, and further, under some restrictions, to efficient query evaluation in Datalog.

We implement these reductions in our tool, and demonstrate its scope through several case studies.

In particular, we study in detail the dynamic access control models of the Windows Vista and Asbestos operating systems. We also automatically prove the security of a webserver running on Asbestos.


REFERENCES

Note: OCR errors may be found in this Reference List extracted from the full text article. ACM has opted to expose the complete List rather than only correct and linked references.

 
1
M. Abadi , Z. Manna, Temporal logic programming, Journal of Symbolic Computation, v.8 n.3, p.277-295, Sep. 1989  [doi>10.1016/S0747-7171(89)80070-7]
 
2
Moritz Becker , Cedric Fournet , Andrew Gordon, Design and Semantics of a Decentralized Authorization Language, Proceedings of the 20th IEEE Computer Security Foundations Symposium, p.3-15, July 06-08, 2007  [doi>10.1109/CSF.2007.18]
 
3
D. E. Bell and L. J. LaPadula. Secure computer systems: Mathematical foundations and model. Technical Report M74-244, MITRE Corp., 1975.
 
4
K. J. Biba. Integrity considerations for secure computer systems. Technical Report TR-3153, MITRE Corp., 1977.
 
5
Bruno Blanchet, An Efficient Cryptographic Protocol Verifier Based on Prolog Rules, Proceedings of the 14th IEEE workshop on Computer Security Foundations, p.82, June 11-13, 2001
6
Avik Chaudhuri , Prasad Naldurg , Sriram Rajamani, A type system for data-flow integrity on windows vista, Proceedings of the third ACM SIGPLAN workshop on Programming languages and analysis for security, June 07-13, 2008, Tucson, AZ, USA  [doi>10.1145/1375696.1375708]
 
7
A. Chaudhuri, P. Naldurg, S. Rajamani, G. Ramalingam, and L. Velaga. EON: Modeling and analyzing dynamic access control systems with logic programs. Technical Report MSR-TR-2008-21, Microsoft Research, 2008. See http://www.soe.ucsc.edu/avik/projects/EON/.
 
8
M. Conover. Analysis of the windows vista security model. Symantec Report. Available at www.symantec.com/avcenter/reference/Windows_Vista_Security_Model_Analysis.pdf.
9
Dorothy E. Denning, A lattice model of secure information flow, Communications of the ACM, v.19 n.5, p.236-243, May 1976  [doi>10.1145/360051.360056]
 
10
D. J. Dougherty, K. Fisler, and S. Krishnamurthi. Specifying and reasoning about dynamic access-control policies. In IJCAR'06: International Joint Conference on Automated Reasoning, 2006.
11
Petros Efstathopoulos , Maxwell Krohn , Steve VanDeBogart , Cliff Frey , David Ziegler , Eddie Kohler , David Mazières , Frans Kaashoek , Robert Morris, Labels and event processes in the asbestos operating system, Proceedings of the twentieth ACM symposium on Operating systems principles, October 23-26, 2005, Brighton, United Kingdom
12
Alon Y. Halevy , Inderpal Singh Mumick , Yehoshua Sagiv , Oded Shmueli, Static analysis in datalog extensions, Journal of the ACM (JACM), v.48 n.5, p.971-1012, September 2001  [doi>10.1145/502102.502104]
13
Michael A. Harrison , Walter L. Ruzzo , Jeffrey D. Ullman, On protection in operating systems, Proceedings of the fifth ACM symposium on Operating systems principles, p.14-24, November 19-21, 1975, Austin, Texas, United States
14
Butler W. Lampson, Protection, ACM SIGOPS Operating Systems Review, v.8 n.1, p.18-24, January 1974  [doi>10.1145/775265.775268]
 
15
P. Loscocco, S. Smalley, P. Muckelbauer, R. Taylor, J. Turner, and J. Farrell. The inevitability of failure: The flawed assumption of security in modern computing environments. Technical report, NSA, 1995.
16
Prasad Naldurg , Stefan Schwoon , Sriram Rajamani , John Lambert, NETRA:: seeing through access control, Proceedings of the fourth ACM workshop on Formal methods in security, p.55-66, November 03-03, 2006, Alexandria, Virginia, USA  [doi>10.1145/1180337.1180343]
 
17
M. A. Orgun. On temporal deductive databases. Computational Intelligence, 12:235--259, 1996.
 
18
B. Sarna-Starosta and S. D. Stoller. Policy analysis for security-enhanced linux. In WITS'04: Workshop on Issues in the Theory of Security, 2004. Available at http://www.cs.sunysb.edu/stoller/WITS2004.html.
19
Scott D. Stoller , Ping Yang , C R. Ramakrishnan , Mikhail I. Gofman, Efficient policy analysis for administrative role based access control, Proceedings of the 14th ACM conference on Computer and communications security, October 28-31, 2007, Alexandria, Virginia, USA  [doi>10.1145/1315245.1315300]
 
20
Jeffrey D. Ullman, Principles of Database and Knowledge-Base Systems: Volume II: The New Technologies, W. H. Freeman & Co., New York, NY, 1990
 
21
Steve Zdancewic , Andrew C. Myers, Robust Declassification, Proceedings of the 14th IEEE workshop on Computer Security Foundations, p.5, June 11-13, 2001

INDEX TERMS

Primary Classification:
  D. Software
  D.4 OPERATING SYSTEMS
      D.4.6 Security and Protection
          Subjects: Access controls

Additional Classification:
  D. Software
  D.4 OPERATING SYSTEMS
      D.4.6 Security and Protection
          Subjects: Information flow controls; Verification**

  F. Theory of Computation
  F.3 LOGICS AND MEANINGS OF PROGRAMS
      F.3.1 Specifying and Verifying and Reasoning about Programs
          Subjects: Mechanical verification; Specification techniques


General Terms:
Algorithms, Languages, Security, Verification


Keywords:
automatic verification, dynamic access control, logic programming

Collaborative Colleagues:
Avik Chaudhuri: colleagues
Prasad Naldurg: colleagues
Sriram K. Rajamani: colleagues
G. Ramalingam: colleagues
Lakshmisubrahmanyam Velaga: colleagues

The ACM Portal is published by the Association for Computing Machinery. Copyright © 2009 ACM, Inc.
Terms of Usage   Privacy Policy   Code of Ethics   Contact Us

Useful downloads: Adobe Acrobat    QuickTime    Windows Media Player    Real Player