SlideShare uma empresa Scribd logo

Constructive Access Control

Valeria de Paiva
Valeria de Paiva

This document summarizes a talk on constructive access control logics. It discusses how access control policies can be expressed using logical constructs like "A says s" and "A speaks for B". Several existing access control logics are mentioned that use lax modalities to represent these constructs. The talk questions whether less powerful logics could also effectively model access control and discusses potential applications of using logic to analyze and enforce access control policies.

EducaçãoNegóciosTecnologia
1 de 28
Baixar para ler offline
Constructive Access Control: Revisited? Valeria de Paiva Intelligent Systems Lab PARC (Joint work with Jessica Staddon, CSL)
Outline  Motivation: access control must be logic…  Background  Basic framework  A new system?  Discussion & applications Caveat: no expert, a talk to logicians interested in the problem… 11/09/09
Why the buzz about access control?  Ubiquity of computing and growth of the Internet turned Information Security into a central area of research in computer science.  Many areas within Information Security. For logicians there’s considerable work on logical methods for access control.  For example: – Abadi et al, 1993, Abadi, 2003, Abadi 2006 – Garg et al, 2006 – Garg, Pfenning 2006 – Garg, Abadi, 2008 » Thanks Martin and Deepak! 11/09/09
Access control in current practice (according to Abadi)  Access control is pervasive – applications – virtual machines – operating systems – firewalls – doors – …  Access control seems difficult to get right.  Distributed systems make it harder. 11/09/09
What is Access Control?  In computer security, access control consists in deciding whether an agent that requests some action should have his request granted or not.  Decisions are based on access control policies, the combination of several policies at different layers and from different entities.  A single policy may be easy to understand e.g. user Valeria may want to delete file1 and if she owns the file the admin should allow it.  But the consequences of even a single policy can get complicated, when there are many principals, many roles, many resources, delegation, revocation, etc. 11/09/09
The access control model Elements: – Resources – Requests – Sources for requests, called principals – A reference monitor to decide on requests – Control policies Dr of ee R e e e j nc Po m b iaa o O rl p n e c r i p t i oi nt n or c t S e Gs o q ue u u a o r R c e rR e s du t r c e 11/09/09
General theories and systems  Over the years, there have been many theories and systems for access control. – Logics – Languages – Infrastructures (e.g., PKIs) – Architectures  They aim to explain, organize, and unify access control.  We’re interested in logics and languages… 11/09/09
Access Control needs logic? “Although access control may sometimes seem conceptually straightforward, it is both complex and error-prone in practice. […] One may hope that logic would provide a simple, solid, and general foundation for access control, as well as methods for designing, implementing, and validating particular access control mechanisms. In fact, although logic is not a panacea, its applications in access control have been substantial and beneficial.” M. Abadi, Invited Address, LICS 2003 11/09/09
Access control needs logic  We need to combine access control policies, have groups of principals, revocation, delegation, roles, etc.  Things can get very complicated. There can be gaps, inconsistencies, ambiguity, loopholes, obscurity.  Systems can be easy to break and security is endangered. 11/09/09
On the other hand… (Constructive) Logic can:  Express policies – Admin says owns (Valeria, file) -> may_delete(Valeria, file)  Express authorization questions – Does Valeria have a proof of the proposition Admin says may_delete(Valeria, file)?  Logical proofs allow us: – Construct evidence (assemble proof) – Verify evidence (verify proof) – Reason from assumptions (given credentials) 11/09/09
Logics for Access Control  Encode and reason within policies  Analyze policies (reason about them) – Express (and reason about) private knowledge?  Prove properties of policies, check for unintended consequences. Enforce policies?  Proofs hard to construct, easy to verify – Lead to Proof Carrying Authorization Appel&Felten, Bauer  PCA insight : the user/ principal wanting access must construct a proof, the server will simply check the proof to grant access uses higher-order logic, can we make it simpler? 11/09/09
Logics of Access Control  Several systems proposed and studied.  Traditionally classical modal logics with extra constructs (Abadi et al 1993)  Garg&Pfenning(2006) have proposed a constructive lax logic of access control, non-interference  Abadi (2006) has proposed a lax logic based system DCC, non-interference  Garg et al(2006) have proposed a “linear” logic for access control, credentials are resources  Garg&Abadi(2008 to appear) have four systems based on lax logic 11/09/09
Background1: Principals  A principal is any user, machine, program, organization that – Either makes requests, or – Makes statements (policies)  Examples: – Humans: Alice, Bob, Charlie, ... – Users: 500, 501, admin, ... – Programs: MSWord, Acrobat Reader, ... – Organizations: CMU, SRI, ACM, Wells-Fargo... – Public keys: 0xaf5436, 0x123458 11/09/09
Background2: “A says s” Taking Garg&Abadi (GA08) as basic reference  Basic construct operator “says”: applied to principal A and formula s, “A says s”. - Abstracts away from implementation concerns  “A says s” means intuitively that A asserts or supports s, e.g. “A says delete-file1”.  Different access control logics have subtly different meanings for “says”.  Note similarity to “K attests A” in cyberlogic, where K is (has to be?) a public key, A is a formula 11/09/09
Background3: “speaks for”  Operator “speaks for”, applied to principals A and B, A => B  This is read “A speaks for B” and intuitively means that if A says s then B says s, for all s.  In particular if KAlice is the public key for Alice we have KAlice => Alice. also if S a server then S => Alice, if S is acting for Alice  Different access control logics have subtly different meanings for “speaks for”  Not fine-grained enough?  (Similar to cyberlogic’s delegation?) 11/09/09
Which logic of access control?  Intuitionistic basis, as we want – a Curry-Howard isomorphism, – evidence instead of truth – use proofs as witnesses for PCA  Have a collection of principals A, B,..  How do we represent logically the constructs for access control?  All recent work mentioned uses an indexed collection of lax modalities 11/09/09
What’s a lax modality?  A modality is an unary operator acting on propositions  Curry(1952) a possibility modality that half-behaves like a necessity one.  Like possibility, twice the modality implies it once. But like necessity as it satisfies distribution over implication.  Also known as computational logic, CL, (Benton, Bierman, de Paiva, JFP 1998)  Properties: s  A says s A says A says s  A says s A says (st)  (A says s)  (A says t) 11/09/09
Why lax modalities?  Need to model “A says s”  “says” has some characteristics of possibility: if “A says (A says s)” then “A says s”, if “A says (s->t)” then “A says s-> A says t”  Lax modalities buy you non-interference (Abadi06, GargPfenning06)  Lax modalities buy you “hand-off axiom”: if A says that B speaks for A then B does speak for A (Abadi06)  Lax modality well-understood logic type theory 11/09/09
How to do lax modalities?  Different proof systems: Moggi89,de Paiva et al 98, Mendler&Fairtlough97  Garg&Pfenning: ‘judgemental’ logic (2001)  Based on Martin-Loeuf’s ideas: intro and elim rules plus cut elim are the meaning of connectives  Works for S4-style connectives, dual-sized sequents (e.g. linear logic exponentials)  Can we do less powerful/less symmetric modalities? 11/09/09
Why not lax modalities?  Axiom (s -> A says s) means every principal says s, if s is true – Difficult to believe that principals are that ideal  Similarly, “speaks for” too strong  Alice would like to make sure that Bob speaks for her in certain circumstances, not for all s.  Maybe can use a simple K constructive modality for “says”… 11/09/09
A new system?  Caveat: work not really done…  But Curry-Howard Iso for Basic Modal Logic, (Bellin, de Paiva, Ritter, 2001)  Bug in published version, being corrected and extended now – Thanks to Kakutani (2006) for correcting it!  Type theory, semantics in place: – Normalization, subject reduction, soundness&completeness, internal language too  Non-interference works too, “hand off”? 11/09/09
Extensions  Garg: linear logic to deal with credentials that are consumable resources – Apparently proof-theory done, implementation is the problem – Garg et al 06, Bauer et al 06  Garg et al: temporal aspects of security in the works – I also want my versions with and without linear basis – Constructive temporal logics in the market not good 11/09/09
Applications?  A bit of unifying glee: 1995 proposal on logics of authentication  PCA for less expressive logics – Grey project at CMU interesting, but it would be nice if it could be simpler, Manifest Security?  Access control for multiple enterprise repositories: – What if our principals were the parties that need to cooperate when someone is buying a house? – Can our access control theories help out? – Some Stanford/PORTIA work on this direction 11/09/09
Conclusion  Logic clearly useful for access control  Multiple applications and opportunities  More work required on trade-offs between logical systems, automation, etc  Innovative applications may send the formalism into totally different directions 11/09/09
Thank you Questions? 11/09/09
References  Manifest Security for Distributed Information Karl Crary, Robert Harper, Frank Pfenning 2006  Garg&Abadi08, Garg&Pfenning06, Garg et al 06  PCA Appel&Felten 99, Bauer’s thesis 03 11/09/09
A calculus for access control [Abadi, Burrows, Lampson, and Plotkin, 1993]  A simple notation for assertions – A says s – A speaks for B (sometimes written A ⇒ B)  With logical rules – ⊢ A says (s → t) → (A says s) → (A says t) – If ⊢ s then ⊢ A says s. – ⊢ A speaks for B → (A says s) → (B says s) – ⊢ A speaks for A – ⊢ A speaks for B ∧ B speaks for C → A speaks for 11/09/09 C
Enforcing policies?  An access control policy can be presented as a logical theory in an access control logic  A principal is granted access to a resource if there is a formal proof that the principal is authorized the use of the resource according to the accepted policy  Constructivity buys you PCA? 11/09/09

Recomendados

Shebanq gniezno
Shebanq gnieznoShebanq gniezno
Shebanq gnieznoDirk Roorda
 
one public
one publicone public
one publicNitish Bhardwaj
 
Document Freedom Day & Mongo Summer Festival 2014 / DFDと納涼もんご祭り2014の宣伝
Document Freedom Day & Mongo Summer Festival 2014 / DFDと納涼もんご祭り2014の宣伝Document Freedom Day & Mongo Summer Festival 2014 / DFDと納涼もんご祭り2014の宣伝
Document Freedom Day & Mongo Summer Festival 2014 / DFDと納涼もんご祭り2014の宣伝Naruhiko Ogasawara
 
Speaking agreements
Speaking agreementsSpeaking agreements
Speaking agreementsEscuela Pública Vespertina Agustín Melgar
 
utpl_Lasmejoresimagenes2007
utpl_Lasmejoresimagenes2007utpl_Lasmejoresimagenes2007
utpl_Lasmejoresimagenes2007Pao Sabando Viteri
 
inoxio erklärt agiles testing
inoxio erklärt agiles testinginoxio erklärt agiles testing
inoxio erklärt agiles testingTorsten Mangner
 
How I Use Derwent Innovations Index (DII)
How I Use Derwent Innovations Index (DII)How I Use Derwent Innovations Index (DII)
How I Use Derwent Innovations Index (DII)Bernie Chiu
 
491 team11 final
491 team11 final491 team11 final
491 team11 finalJinwoo Kim
 

Recomendados

Shebanq gniezno
Shebanq gnieznoShebanq gniezno
Shebanq gnieznoDirk Roorda
 
one public
one publicone public
one publicNitish Bhardwaj
 
Document Freedom Day & Mongo Summer Festival 2014 / DFDと納涼もんご祭り2014の宣伝
Document Freedom Day & Mongo Summer Festival 2014 / DFDと納涼もんご祭り2014の宣伝Document Freedom Day & Mongo Summer Festival 2014 / DFDと納涼もんご祭り2014の宣伝
Document Freedom Day & Mongo Summer Festival 2014 / DFDと納涼もんご祭り2014の宣伝Naruhiko Ogasawara
 
Speaking agreements
Speaking agreementsSpeaking agreements
Speaking agreementsEscuela Pública Vespertina Agustín Melgar
 
utpl_Lasmejoresimagenes2007
utpl_Lasmejoresimagenes2007utpl_Lasmejoresimagenes2007
utpl_Lasmejoresimagenes2007Pao Sabando Viteri
 
inoxio erklärt agiles testing
inoxio erklärt agiles testinginoxio erklärt agiles testing
inoxio erklärt agiles testingTorsten Mangner
 
How I Use Derwent Innovations Index (DII)
How I Use Derwent Innovations Index (DII)How I Use Derwent Innovations Index (DII)
How I Use Derwent Innovations Index (DII)Bernie Chiu
 
491 team11 final
491 team11 final491 team11 final
491 team11 finalJinwoo Kim
 
2007 iPres Beijing - MIXED: Preservation by migration to XML
2007 iPres Beijing - MIXED: Preservation by migration to XML2007 iPres Beijing - MIXED: Preservation by migration to XML
2007 iPres Beijing - MIXED: Preservation by migration to XMLDirk Roorda
 
인터렉티브 김지혜
인터렉티브 김지혜인터렉티브 김지혜
인터렉티브 김지혜jihaeariana
 
Periodismo (pero 'económico') - Lic.GigliBox
Periodismo (pero 'económico') - Lic.GigliBoxPeriodismo (pero 'económico') - Lic.GigliBox
Periodismo (pero 'económico') - Lic.GigliBoxCeleste Box
 
Institucional ThreeContent
Institucional ThreeContentInstitucional ThreeContent
Institucional ThreeContentThreeContent
 
Wielki WyśCigd2
Wielki WyśCigd2Wielki WyśCigd2
Wielki WyśCigd2studium
 
POSITIVE SIDE OF LIFE
POSITIVE SIDE OF LIFEPOSITIVE SIDE OF LIFE
POSITIVE SIDE OF LIFEHans Grover
 
LUK13
LUK13LUK13
LUK13LUK13
 
Uu 02 2000 Pjls
Uu 02 2000 PjlsUu 02 2000 Pjls
Uu 02 2000 PjlsPeople Power
 
Opening presentationevening.2011
Opening presentationevening.2011Opening presentationevening.2011
Opening presentationevening.2011jessievaz
 
Cv
CvCv
CvLydiaCharlotteCooke
 
Facundo mensaje
Facundo mensajeFacundo mensaje
Facundo mensajelartri
 
시에프와 타이포 피티 최종
시에프와 타이포 피티 최종시에프와 타이포 피티 최종
시에프와 타이포 피티 최종Young Ok Joeng
 
ZakręCona Zabawa D1
ZakręCona Zabawa D1ZakręCona Zabawa D1
ZakręCona Zabawa D1studium
 
Design is Thinking Made Visual
Design is Thinking Made VisualDesign is Thinking Made Visual
Design is Thinking Made Visualguest7b6896f
 
Jak Zuzia SpotkałA KsięCia D3
Jak Zuzia SpotkałA KsięCia D3Jak Zuzia SpotkałA KsięCia D3
Jak Zuzia SpotkałA KsięCia D3studium
 
Danonkowa łąka
Danonkowa łąkaDanonkowa łąka
Danonkowa łąkastudium
 
Managing Transboundary Risks in the Iullemeden Aquifer System (Dodo)
Managing Transboundary Risks in the Iullemeden Aquifer System (Dodo)Managing Transboundary Risks in the Iullemeden Aquifer System (Dodo)
Managing Transboundary Risks in the Iullemeden Aquifer System (Dodo)Iwl Pcu
 
Modern Techniques for Providing Security in Cloud Computing Environment
Modern Techniques for Providing Security in Cloud Computing EnvironmentModern Techniques for Providing Security in Cloud Computing Environment
Modern Techniques for Providing Security in Cloud Computing Environmentijsrd.com
 
Semantic technologies for the Internet of Things
Semantic technologies for the Internet of Things Semantic technologies for the Internet of Things
Semantic technologies for the Internet of Things PayamBarnaghi
 
Semantic IoT Semantic Inter-Operability Practices - Part 1
Semantic IoT Semantic Inter-Operability Practices - Part 1Semantic IoT Semantic Inter-Operability Practices - Part 1
Semantic IoT Semantic Inter-Operability Practices - Part 1iotest
 
Acupulco cda access v3-1
Acupulco cda access v3-1Acupulco cda access v3-1
Acupulco cda access v3-1eyetech
 
DevSecOps: A Secure SDLC in the Age of DevOps and Hyper-Automation
DevSecOps: A Secure SDLC in the Age of DevOps and Hyper-AutomationDevSecOps: A Secure SDLC in the Age of DevOps and Hyper-Automation
DevSecOps: A Secure SDLC in the Age of DevOps and Hyper-AutomationAlex Senkevitch
 

Mais conteúdo relacionado

Destaque

2007 iPres Beijing - MIXED: Preservation by migration to XML
2007 iPres Beijing - MIXED: Preservation by migration to XML2007 iPres Beijing - MIXED: Preservation by migration to XML
2007 iPres Beijing - MIXED: Preservation by migration to XMLDirk Roorda
 
인터렉티브 김지혜
인터렉티브 김지혜인터렉티브 김지혜
인터렉티브 김지혜jihaeariana
 
Periodismo (pero 'económico') - Lic.GigliBox
Periodismo (pero 'económico') - Lic.GigliBoxPeriodismo (pero 'económico') - Lic.GigliBox
Periodismo (pero 'económico') - Lic.GigliBoxCeleste Box
 
Institucional ThreeContent
Institucional ThreeContentInstitucional ThreeContent
Institucional ThreeContentThreeContent
 
Wielki WyśCigd2
Wielki WyśCigd2Wielki WyśCigd2
Wielki WyśCigd2studium
 
POSITIVE SIDE OF LIFE
POSITIVE SIDE OF LIFEPOSITIVE SIDE OF LIFE
POSITIVE SIDE OF LIFEHans Grover
 
LUK13
LUK13LUK13
LUK13LUK13
 
Opening presentationevening.2011
Opening presentationevening.2011Opening presentationevening.2011
Opening presentationevening.2011jessievaz
 
Facundo mensaje
Facundo mensajeFacundo mensaje
Facundo mensajelartri
 
시에프와 타이포 피티 최종
시에프와 타이포 피티 최종시에프와 타이포 피티 최종
시에프와 타이포 피티 최종Young Ok Joeng
 
ZakręCona Zabawa D1
ZakręCona Zabawa D1ZakręCona Zabawa D1
ZakręCona Zabawa D1studium
 
Design is Thinking Made Visual
Design is Thinking Made VisualDesign is Thinking Made Visual
Design is Thinking Made Visualguest7b6896f
 
Jak Zuzia SpotkałA KsięCia D3
Jak Zuzia SpotkałA KsięCia D3Jak Zuzia SpotkałA KsięCia D3
Jak Zuzia SpotkałA KsięCia D3studium
 
Danonkowa łąka
Danonkowa łąkaDanonkowa łąka
Danonkowa łąkastudium
 
Managing Transboundary Risks in the Iullemeden Aquifer System (Dodo)
Managing Transboundary Risks in the Iullemeden Aquifer System (Dodo)Managing Transboundary Risks in the Iullemeden Aquifer System (Dodo)
Managing Transboundary Risks in the Iullemeden Aquifer System (Dodo)Iwl Pcu
 

Destaque (17)

2007 iPres Beijing - MIXED: Preservation by migration to XML
2007 iPres Beijing - MIXED: Preservation by migration to XML2007 iPres Beijing - MIXED: Preservation by migration to XML
2007 iPres Beijing - MIXED: Preservation by migration to XML
 
인터렉티브 김지혜
인터렉티브 김지혜인터렉티브 김지혜
인터렉티브 김지혜
 
Periodismo (pero 'económico') - Lic.GigliBox
Periodismo (pero 'económico') - Lic.GigliBoxPeriodismo (pero 'económico') - Lic.GigliBox
Periodismo (pero 'económico') - Lic.GigliBox
 
Institucional ThreeContent
Institucional ThreeContentInstitucional ThreeContent
Institucional ThreeContent
 
Wielki WyśCigd2
Wielki WyśCigd2Wielki WyśCigd2
Wielki WyśCigd2
 
POSITIVE SIDE OF LIFE
POSITIVE SIDE OF LIFEPOSITIVE SIDE OF LIFE
POSITIVE SIDE OF LIFE
 
LUK13
LUK13LUK13
LUK13
 
Uu 02 2000 Pjls
Uu 02 2000 PjlsUu 02 2000 Pjls
Uu 02 2000 Pjls
 
Opening presentationevening.2011
Opening presentationevening.2011Opening presentationevening.2011
Opening presentationevening.2011
 
Cv
CvCv
Cv
 
Facundo mensaje
Facundo mensajeFacundo mensaje
Facundo mensaje
 
시에프와 타이포 피티 최종
시에프와 타이포 피티 최종시에프와 타이포 피티 최종
시에프와 타이포 피티 최종
 
ZakręCona Zabawa D1
ZakręCona Zabawa D1ZakręCona Zabawa D1
ZakręCona Zabawa D1
 
Design is Thinking Made Visual
Design is Thinking Made VisualDesign is Thinking Made Visual
Design is Thinking Made Visual
 
Jak Zuzia SpotkałA KsięCia D3
Jak Zuzia SpotkałA KsięCia D3Jak Zuzia SpotkałA KsięCia D3
Jak Zuzia SpotkałA KsięCia D3
 
Danonkowa łąka
Danonkowa łąkaDanonkowa łąka
Danonkowa łąka
 
Managing Transboundary Risks in the Iullemeden Aquifer System (Dodo)
Managing Transboundary Risks in the Iullemeden Aquifer System (Dodo)Managing Transboundary Risks in the Iullemeden Aquifer System (Dodo)
Managing Transboundary Risks in the Iullemeden Aquifer System (Dodo)
 

Semelhante a Constructive Access Control

Modern Techniques for Providing Security in Cloud Computing Environment
Modern Techniques for Providing Security in Cloud Computing EnvironmentModern Techniques for Providing Security in Cloud Computing Environment
Modern Techniques for Providing Security in Cloud Computing Environmentijsrd.com
 
Semantic technologies for the Internet of Things
Semantic technologies for the Internet of Things Semantic technologies for the Internet of Things
Semantic technologies for the Internet of Things PayamBarnaghi
 
Semantic IoT Semantic Inter-Operability Practices - Part 1
Semantic IoT Semantic Inter-Operability Practices - Part 1Semantic IoT Semantic Inter-Operability Practices - Part 1
Semantic IoT Semantic Inter-Operability Practices - Part 1iotest
 
Acupulco cda access v3-1
Acupulco cda access v3-1Acupulco cda access v3-1
Acupulco cda access v3-1eyetech
 
DevSecOps: A Secure SDLC in the Age of DevOps and Hyper-Automation
DevSecOps: A Secure SDLC in the Age of DevOps and Hyper-AutomationDevSecOps: A Secure SDLC in the Age of DevOps and Hyper-Automation
DevSecOps: A Secure SDLC in the Age of DevOps and Hyper-AutomationAlex Senkevitch
 
Ontology Tutorial: Semantic Technology for Intelligence, Defense and Security
Ontology Tutorial: Semantic Technology for Intelligence, Defense and SecurityOntology Tutorial: Semantic Technology for Intelligence, Defense and Security
Ontology Tutorial: Semantic Technology for Intelligence, Defense and SecurityBarry Smith
 
Criticism of the scientific paper
Criticism of the scientific paperCriticism of the scientific paper
Criticism of the scientific paperDr. Hamdan Al-Sabri
 
Design Patterns Explained: From Analysis through Implementation
Design Patterns Explained: From Analysis through ImplementationDesign Patterns Explained: From Analysis through Implementation
Design Patterns Explained: From Analysis through ImplementationTechWell
 
20120718 linkedopendataandnextgenerationsciencemcguinnessesip final
20120718 linkedopendataandnextgenerationsciencemcguinnessesip final20120718 linkedopendataandnextgenerationsciencemcguinnessesip final
20120718 linkedopendataandnextgenerationsciencemcguinnessesip finalDeborah McGuinness
 
Query Processing with k-Anonymity
Query Processing with k-AnonymityQuery Processing with k-Anonymity
Query Processing with k-AnonymityWaqas Tariq
 
What Everyone Ought To Know About Cloud Security
What Everyone Ought To Know About Cloud SecurityWhat Everyone Ought To Know About Cloud Security
What Everyone Ought To Know About Cloud Securitycraigbalding
 
JDD2015: Sustainability Supporting Data Variability: Keeping Core Components ...
JDD2015: Sustainability Supporting Data Variability: Keeping Core Components ...JDD2015: Sustainability Supporting Data Variability: Keeping Core Components ...
JDD2015: Sustainability Supporting Data Variability: Keeping Core Components ...PROIDEA
 
JDD2015: Sustainability Supporting Data Variability: Keeping Core Components ...
JDD2015: Sustainability Supporting Data Variability: Keeping Core Components ...JDD2015: Sustainability Supporting Data Variability: Keeping Core Components ...
JDD2015: Sustainability Supporting Data Variability: Keeping Core Components ...PROIDEA
 
Natural Language Processing & Semantic Models in an Imperfect World
Natural Language Processing & Semantic Models in an Imperfect WorldNatural Language Processing & Semantic Models in an Imperfect World
Natural Language Processing & Semantic Models in an Imperfect WorldVital.AI
 
Semantic Web in Action: Ontology-driven information search, integration and a...
Semantic Web in Action: Ontology-driven information search, integration and a...Semantic Web in Action: Ontology-driven information search, integration and a...
Semantic Web in Action: Ontology-driven information search, integration and a...Amit Sheth
 
Operating_System_Concepts_8th_EditionA4.pdf
Operating_System_Concepts_8th_EditionA4.pdfOperating_System_Concepts_8th_EditionA4.pdf
Operating_System_Concepts_8th_EditionA4.pdfDrAmarNathDhebla
 
Better integrations through open interfaces
Better integrations through open interfacesBetter integrations through open interfaces
Better integrations through open interfacesSteve Speicher
 
Using construction grammar in conversational systems
Using construction grammar in conversational systemsUsing construction grammar in conversational systems
Using construction grammar in conversational systemsCJ Jenkins
 
Successfully Kickstarting Data Governance's Social Dynamics: Define, Collabor...
Successfully Kickstarting Data Governance's Social Dynamics: Define, Collabor...Successfully Kickstarting Data Governance's Social Dynamics: Define, Collabor...
Successfully Kickstarting Data Governance's Social Dynamics: Define, Collabor...Stijn (Stan) Christiaens
 

Semelhante a Constructive Access Control (20)

Modern Techniques for Providing Security in Cloud Computing Environment
Modern Techniques for Providing Security in Cloud Computing EnvironmentModern Techniques for Providing Security in Cloud Computing Environment
Modern Techniques for Providing Security in Cloud Computing Environment
 
Semantic technologies for the Internet of Things
Semantic technologies for the Internet of Things Semantic technologies for the Internet of Things
Semantic technologies for the Internet of Things
 
Semantic IoT Semantic Inter-Operability Practices - Part 1
Semantic IoT Semantic Inter-Operability Practices - Part 1Semantic IoT Semantic Inter-Operability Practices - Part 1
Semantic IoT Semantic Inter-Operability Practices - Part 1
 
Acupulco cda access v3-1
Acupulco cda access v3-1Acupulco cda access v3-1
Acupulco cda access v3-1
 
DevSecOps: A Secure SDLC in the Age of DevOps and Hyper-Automation
DevSecOps: A Secure SDLC in the Age of DevOps and Hyper-AutomationDevSecOps: A Secure SDLC in the Age of DevOps and Hyper-Automation
DevSecOps: A Secure SDLC in the Age of DevOps and Hyper-Automation
 
Ontology Tutorial: Semantic Technology for Intelligence, Defense and Security
Ontology Tutorial: Semantic Technology for Intelligence, Defense and SecurityOntology Tutorial: Semantic Technology for Intelligence, Defense and Security
Ontology Tutorial: Semantic Technology for Intelligence, Defense and Security
 
Criticism of the scientific paper
Criticism of the scientific paperCriticism of the scientific paper
Criticism of the scientific paper
 
Design Patterns Explained: From Analysis through Implementation
Design Patterns Explained: From Analysis through ImplementationDesign Patterns Explained: From Analysis through Implementation
Design Patterns Explained: From Analysis through Implementation
 
20120718 linkedopendataandnextgenerationsciencemcguinnessesip final
20120718 linkedopendataandnextgenerationsciencemcguinnessesip final20120718 linkedopendataandnextgenerationsciencemcguinnessesip final
20120718 linkedopendataandnextgenerationsciencemcguinnessesip final
 
Query Processing with k-Anonymity
Query Processing with k-AnonymityQuery Processing with k-Anonymity
Query Processing with k-Anonymity
 
What Everyone Ought To Know About Cloud Security
What Everyone Ought To Know About Cloud SecurityWhat Everyone Ought To Know About Cloud Security
What Everyone Ought To Know About Cloud Security
 
JDD2015: Sustainability Supporting Data Variability: Keeping Core Components ...
JDD2015: Sustainability Supporting Data Variability: Keeping Core Components ...JDD2015: Sustainability Supporting Data Variability: Keeping Core Components ...
JDD2015: Sustainability Supporting Data Variability: Keeping Core Components ...
 
JDD2015: Sustainability Supporting Data Variability: Keeping Core Components ...
JDD2015: Sustainability Supporting Data Variability: Keeping Core Components ...JDD2015: Sustainability Supporting Data Variability: Keeping Core Components ...
JDD2015: Sustainability Supporting Data Variability: Keeping Core Components ...
 
Natural Language Processing & Semantic Models in an Imperfect World
Natural Language Processing & Semantic Models in an Imperfect WorldNatural Language Processing & Semantic Models in an Imperfect World
Natural Language Processing & Semantic Models in an Imperfect World
 
Semantic Web in Action: Ontology-driven information search, integration and a...
Semantic Web in Action: Ontology-driven information search, integration and a...Semantic Web in Action: Ontology-driven information search, integration and a...
Semantic Web in Action: Ontology-driven information search, integration and a...
 
Operating_System_Concepts_8th_EditionA4.pdf
Operating_System_Concepts_8th_EditionA4.pdfOperating_System_Concepts_8th_EditionA4.pdf
Operating_System_Concepts_8th_EditionA4.pdf
 
AccessControl.ppt
AccessControl.pptAccessControl.ppt
AccessControl.ppt
 
Better integrations through open interfaces
Better integrations through open interfacesBetter integrations through open interfaces
Better integrations through open interfaces
 
Using construction grammar in conversational systems
Using construction grammar in conversational systemsUsing construction grammar in conversational systems
Using construction grammar in conversational systems
 
Successfully Kickstarting Data Governance's Social Dynamics: Define, Collabor...
Successfully Kickstarting Data Governance's Social Dynamics: Define, Collabor...Successfully Kickstarting Data Governance's Social Dynamics: Define, Collabor...
Successfully Kickstarting Data Governance's Social Dynamics: Define, Collabor...
 

Mais de Valeria de Paiva

Dialectica Categorical Constructions
Dialectica Categorical ConstructionsDialectica Categorical Constructions
Dialectica Categorical ConstructionsValeria de Paiva
 
Logic & Representation 2021
Logic & Representation 2021Logic & Representation 2021
Logic & Representation 2021Valeria de Paiva
 
Constructive Modal and Linear Logics
Constructive Modal and Linear LogicsConstructive Modal and Linear Logics
Constructive Modal and Linear LogicsValeria de Paiva
 
Dialectica Categories Revisited
Dialectica Categories RevisitedDialectica Categories Revisited
Dialectica Categories RevisitedValeria de Paiva
 
Networked Mathematics: NLP tools for Better Science
Networked Mathematics: NLP tools for Better ScienceNetworked Mathematics: NLP tools for Better Science
Networked Mathematics: NLP tools for Better ScienceValeria de Paiva
 
Going Without: a modality and its role
Going Without: a modality and its roleGoing Without: a modality and its role
Going Without: a modality and its roleValeria de Paiva
 
Problemas de Kolmogorov-Veloso
Problemas de Kolmogorov-VelosoProblemas de Kolmogorov-Veloso
Problemas de Kolmogorov-VelosoValeria de Paiva
 
Natural Language Inference: for Humans and Machines
Natural Language Inference: for Humans and MachinesNatural Language Inference: for Humans and Machines
Natural Language Inference: for Humans and MachinesValeria de Paiva
 
The importance of Being Erneast: Open datasets in Portuguese
The importance of Being Erneast: Open datasets in PortugueseThe importance of Being Erneast: Open datasets in Portuguese
The importance of Being Erneast: Open datasets in PortugueseValeria de Paiva
 
Negation in the Ecumenical System
Negation in the Ecumenical SystemNegation in the Ecumenical System
Negation in the Ecumenical SystemValeria de Paiva
 
Constructive Modal and Linear Logics
Constructive Modal and Linear LogicsConstructive Modal and Linear Logics
Constructive Modal and Linear LogicsValeria de Paiva
 
Semantics and Reasoning for NLP, AI and ACT
Semantics and Reasoning for NLP, AI and ACTSemantics and Reasoning for NLP, AI and ACT
Semantics and Reasoning for NLP, AI and ACTValeria de Paiva
 
Categorical Explicit Substitutions
Categorical Explicit SubstitutionsCategorical Explicit Substitutions
Categorical Explicit SubstitutionsValeria de Paiva
 
Logic and Probabilistic Methods for Dialog
Logic and Probabilistic Methods for DialogLogic and Probabilistic Methods for Dialog
Logic and Probabilistic Methods for DialogValeria de Paiva
 
Intuitive Semantics for Full Intuitionistic Linear Logic (2014)
Intuitive Semantics for Full Intuitionistic Linear Logic (2014)Intuitive Semantics for Full Intuitionistic Linear Logic (2014)
Intuitive Semantics for Full Intuitionistic Linear Logic (2014)Valeria de Paiva
 

Mais de Valeria de Paiva (20)

Dialectica Comonoids
Dialectica ComonoidsDialectica Comonoids
Dialectica Comonoids
 
Dialectica Categorical Constructions
Dialectica Categorical ConstructionsDialectica Categorical Constructions
Dialectica Categorical Constructions
 
Logic & Representation 2021
Logic & Representation 2021Logic & Representation 2021
Logic & Representation 2021
 
Constructive Modal and Linear Logics
Constructive Modal and Linear LogicsConstructive Modal and Linear Logics
Constructive Modal and Linear Logics
 
Dialectica Categories Revisited
Dialectica Categories RevisitedDialectica Categories Revisited
Dialectica Categories Revisited
 
PLN para Tod@s
PLN para Tod@sPLN para Tod@s
PLN para Tod@s
 
Networked Mathematics: NLP tools for Better Science
Networked Mathematics: NLP tools for Better ScienceNetworked Mathematics: NLP tools for Better Science
Networked Mathematics: NLP tools for Better Science
 
Going Without: a modality and its role
Going Without: a modality and its roleGoing Without: a modality and its role
Going Without: a modality and its role
 
Problemas de Kolmogorov-Veloso
Problemas de Kolmogorov-VelosoProblemas de Kolmogorov-Veloso
Problemas de Kolmogorov-Veloso
 
Natural Language Inference: for Humans and Machines
Natural Language Inference: for Humans and MachinesNatural Language Inference: for Humans and Machines
Natural Language Inference: for Humans and Machines
 
Dialectica Petri Nets
Dialectica Petri NetsDialectica Petri Nets
Dialectica Petri Nets
 
The importance of Being Erneast: Open datasets in Portuguese
The importance of Being Erneast: Open datasets in PortugueseThe importance of Being Erneast: Open datasets in Portuguese
The importance of Being Erneast: Open datasets in Portuguese
 
Negation in the Ecumenical System
Negation in the Ecumenical SystemNegation in the Ecumenical System
Negation in the Ecumenical System
 
Constructive Modal and Linear Logics
Constructive Modal and Linear LogicsConstructive Modal and Linear Logics
Constructive Modal and Linear Logics
 
Semantics and Reasoning for NLP, AI and ACT
Semantics and Reasoning for NLP, AI and ACTSemantics and Reasoning for NLP, AI and ACT
Semantics and Reasoning for NLP, AI and ACT
 
NLCS 2013 opening slides
NLCS 2013 opening slidesNLCS 2013 opening slides
NLCS 2013 opening slides
 
Dialectica Comonads
Dialectica ComonadsDialectica Comonads
Dialectica Comonads
 
Categorical Explicit Substitutions
Categorical Explicit SubstitutionsCategorical Explicit Substitutions
Categorical Explicit Substitutions
 
Logic and Probabilistic Methods for Dialog
Logic and Probabilistic Methods for DialogLogic and Probabilistic Methods for Dialog
Logic and Probabilistic Methods for Dialog
 
Intuitive Semantics for Full Intuitionistic Linear Logic (2014)
Intuitive Semantics for Full Intuitionistic Linear Logic (2014)Intuitive Semantics for Full Intuitionistic Linear Logic (2014)
Intuitive Semantics for Full Intuitionistic Linear Logic (2014)
 

Último

Inclusivity Essentials_ Creating Accessible Websites for Nonprofits .pdf
Inclusivity Essentials_ Creating Accessible Websites for Nonprofits .pdfInclusivity Essentials_ Creating Accessible Websites for Nonprofits .pdf
Inclusivity Essentials_ Creating Accessible Websites for Nonprofits .pdfTechSoup
 
How to do quick user assign in kanban in Odoo 17 ERP
How to do quick user assign in kanban in Odoo 17 ERPHow to do quick user assign in kanban in Odoo 17 ERP
How to do quick user assign in kanban in Odoo 17 ERPCeline George
 
Like-prefer-love -hate+verb+ing & silent letters & citizenship text.pdf
Like-prefer-love -hate+verb+ing & silent letters & citizenship text.pdfLike-prefer-love -hate+verb+ing & silent letters & citizenship text.pdf
Like-prefer-love -hate+verb+ing & silent letters & citizenship text.pdfMr Bounab Samir
 
call girls in Kamla Market (DELHI) 🔝 >༒9953330565🔝 genuine Escort Service 🔝✔️✔️
call girls in Kamla Market (DELHI) 🔝 >༒9953330565🔝 genuine Escort Service 🔝✔️✔️call girls in Kamla Market (DELHI) 🔝 >༒9953330565🔝 genuine Escort Service 🔝✔️✔️
call girls in Kamla Market (DELHI) 🔝 >༒9953330565🔝 genuine Escort Service 🔝✔️✔️9953056974 Low Rate Call Girls In Saket, Delhi NCR
 
Computed Fields and api Depends in the Odoo 17
Computed Fields and api Depends in the Odoo 17Computed Fields and api Depends in the Odoo 17
Computed Fields and api Depends in the Odoo 17Celine George
 
Earth Day Presentation wow hello nice great
Earth Day Presentation wow hello nice greatEarth Day Presentation wow hello nice great
Earth Day Presentation wow hello nice greatYousafMalik24
 
ISYU TUNGKOL SA SEKSWLADIDA (ISSUE ABOUT SEXUALITY
ISYU TUNGKOL SA SEKSWLADIDA (ISSUE ABOUT SEXUALITYISYU TUNGKOL SA SEKSWLADIDA (ISSUE ABOUT SEXUALITY
ISYU TUNGKOL SA SEKSWLADIDA (ISSUE ABOUT SEXUALITYKayeClaireEstoconing
 
ENGLISH 7_Q4_LESSON 2_ Employing a Variety of Strategies for Effective Interp...
ENGLISH 7_Q4_LESSON 2_ Employing a Variety of Strategies for Effective Interp...ENGLISH 7_Q4_LESSON 2_ Employing a Variety of Strategies for Effective Interp...
ENGLISH 7_Q4_LESSON 2_ Employing a Variety of Strategies for Effective Interp...JhezDiaz1
 
Field Attribute Index Feature in Odoo 17
Field Attribute Index Feature in Odoo 17Field Attribute Index Feature in Odoo 17
Field Attribute Index Feature in Odoo 17Celine George
 
GRADE 4 - SUMMATIVE TEST QUARTER 4 ALL SUBJECTS
GRADE 4 - SUMMATIVE TEST QUARTER 4 ALL SUBJECTSGRADE 4 - SUMMATIVE TEST QUARTER 4 ALL SUBJECTS
GRADE 4 - SUMMATIVE TEST QUARTER 4 ALL SUBJECTSJoshuaGantuangco2
 
Proudly South Africa powerpoint Thorisha.pptx
Proudly South Africa powerpoint Thorisha.pptxProudly South Africa powerpoint Thorisha.pptx
Proudly South Africa powerpoint Thorisha.pptxthorishapillay1
 
USPS® Forced Meter Migration - How to Know if Your Postage Meter Will Soon be...
USPS® Forced Meter Migration - How to Know if Your Postage Meter Will Soon be...USPS® Forced Meter Migration - How to Know if Your Postage Meter Will Soon be...
USPS® Forced Meter Migration - How to Know if Your Postage Meter Will Soon be...Postal Advocate Inc.
 
AMERICAN LANGUAGE HUB_Level2_Student'sBook_Answerkey.pdf
AMERICAN LANGUAGE HUB_Level2_Student'sBook_Answerkey.pdfAMERICAN LANGUAGE HUB_Level2_Student'sBook_Answerkey.pdf
AMERICAN LANGUAGE HUB_Level2_Student'sBook_Answerkey.pdfphamnguyenenglishnb
 
Grade 9 Q4-MELC1-Active and Passive Voice.pptx
Grade 9 Q4-MELC1-Active and Passive Voice.pptxGrade 9 Q4-MELC1-Active and Passive Voice.pptx
Grade 9 Q4-MELC1-Active and Passive Voice.pptxChelloAnnAsuncion2
 
Visit to a blind student's school🧑‍🦯🧑‍🦯(community medicine)
Visit to a blind student's school🧑‍🦯🧑‍🦯(community medicine)Visit to a blind student's school🧑‍🦯🧑‍🦯(community medicine)
Visit to a blind student's school🧑‍🦯🧑‍🦯(community medicine)lakshayb543
 
How to Add Barcode on PDF Report in Odoo 17
How to Add Barcode on PDF Report in Odoo 17How to Add Barcode on PDF Report in Odoo 17
How to Add Barcode on PDF Report in Odoo 17Celine George
 

Último (20)

Inclusivity Essentials_ Creating Accessible Websites for Nonprofits .pdf
Inclusivity Essentials_ Creating Accessible Websites for Nonprofits .pdfInclusivity Essentials_ Creating Accessible Websites for Nonprofits .pdf
Inclusivity Essentials_ Creating Accessible Websites for Nonprofits .pdf
 
How to do quick user assign in kanban in Odoo 17 ERP
How to do quick user assign in kanban in Odoo 17 ERPHow to do quick user assign in kanban in Odoo 17 ERP
How to do quick user assign in kanban in Odoo 17 ERP
 
Like-prefer-love -hate+verb+ing & silent letters & citizenship text.pdf
Like-prefer-love -hate+verb+ing & silent letters & citizenship text.pdfLike-prefer-love -hate+verb+ing & silent letters & citizenship text.pdf
Like-prefer-love -hate+verb+ing & silent letters & citizenship text.pdf
 
call girls in Kamla Market (DELHI) 🔝 >༒9953330565🔝 genuine Escort Service 🔝✔️✔️
call girls in Kamla Market (DELHI) 🔝 >༒9953330565🔝 genuine Escort Service 🔝✔️✔️call girls in Kamla Market (DELHI) 🔝 >༒9953330565🔝 genuine Escort Service 🔝✔️✔️
call girls in Kamla Market (DELHI) 🔝 >༒9953330565🔝 genuine Escort Service 🔝✔️✔️
 
Model Call Girl in Tilak Nagar Delhi reach out to us at 🔝9953056974🔝
Model Call Girl in Tilak Nagar Delhi reach out to us at 🔝9953056974🔝Model Call Girl in Tilak Nagar Delhi reach out to us at 🔝9953056974🔝
Model Call Girl in Tilak Nagar Delhi reach out to us at 🔝9953056974🔝
 
Computed Fields and api Depends in the Odoo 17
Computed Fields and api Depends in the Odoo 17Computed Fields and api Depends in the Odoo 17
Computed Fields and api Depends in the Odoo 17
 
Earth Day Presentation wow hello nice great
Earth Day Presentation wow hello nice greatEarth Day Presentation wow hello nice great
Earth Day Presentation wow hello nice great
 
ISYU TUNGKOL SA SEKSWLADIDA (ISSUE ABOUT SEXUALITY
ISYU TUNGKOL SA SEKSWLADIDA (ISSUE ABOUT SEXUALITYISYU TUNGKOL SA SEKSWLADIDA (ISSUE ABOUT SEXUALITY
ISYU TUNGKOL SA SEKSWLADIDA (ISSUE ABOUT SEXUALITY
 
ENGLISH 7_Q4_LESSON 2_ Employing a Variety of Strategies for Effective Interp...
ENGLISH 7_Q4_LESSON 2_ Employing a Variety of Strategies for Effective Interp...ENGLISH 7_Q4_LESSON 2_ Employing a Variety of Strategies for Effective Interp...
ENGLISH 7_Q4_LESSON 2_ Employing a Variety of Strategies for Effective Interp...
 
FINALS_OF_LEFT_ON_C'N_EL_DORADO_2024.pptx
FINALS_OF_LEFT_ON_C'N_EL_DORADO_2024.pptxFINALS_OF_LEFT_ON_C'N_EL_DORADO_2024.pptx
FINALS_OF_LEFT_ON_C'N_EL_DORADO_2024.pptx
 
LEFT_ON_C'N_ PRELIMS_EL_DORADO_2024.pptx
LEFT_ON_C'N_ PRELIMS_EL_DORADO_2024.pptxLEFT_ON_C'N_ PRELIMS_EL_DORADO_2024.pptx
LEFT_ON_C'N_ PRELIMS_EL_DORADO_2024.pptx
 
Field Attribute Index Feature in Odoo 17
Field Attribute Index Feature in Odoo 17Field Attribute Index Feature in Odoo 17
Field Attribute Index Feature in Odoo 17
 
GRADE 4 - SUMMATIVE TEST QUARTER 4 ALL SUBJECTS
GRADE 4 - SUMMATIVE TEST QUARTER 4 ALL SUBJECTSGRADE 4 - SUMMATIVE TEST QUARTER 4 ALL SUBJECTS
GRADE 4 - SUMMATIVE TEST QUARTER 4 ALL SUBJECTS
 
Proudly South Africa powerpoint Thorisha.pptx
Proudly South Africa powerpoint Thorisha.pptxProudly South Africa powerpoint Thorisha.pptx
Proudly South Africa powerpoint Thorisha.pptx
 
YOUVE GOT EMAIL_FINALS_EL_DORADO_2024.pptx
YOUVE GOT EMAIL_FINALS_EL_DORADO_2024.pptxYOUVE GOT EMAIL_FINALS_EL_DORADO_2024.pptx
YOUVE GOT EMAIL_FINALS_EL_DORADO_2024.pptx
 
USPS® Forced Meter Migration - How to Know if Your Postage Meter Will Soon be...
USPS® Forced Meter Migration - How to Know if Your Postage Meter Will Soon be...USPS® Forced Meter Migration - How to Know if Your Postage Meter Will Soon be...
USPS® Forced Meter Migration - How to Know if Your Postage Meter Will Soon be...
 
AMERICAN LANGUAGE HUB_Level2_Student'sBook_Answerkey.pdf
AMERICAN LANGUAGE HUB_Level2_Student'sBook_Answerkey.pdfAMERICAN LANGUAGE HUB_Level2_Student'sBook_Answerkey.pdf
AMERICAN LANGUAGE HUB_Level2_Student'sBook_Answerkey.pdf
 
Grade 9 Q4-MELC1-Active and Passive Voice.pptx
Grade 9 Q4-MELC1-Active and Passive Voice.pptxGrade 9 Q4-MELC1-Active and Passive Voice.pptx
Grade 9 Q4-MELC1-Active and Passive Voice.pptx
 
Visit to a blind student's school🧑‍🦯🧑‍🦯(community medicine)
Visit to a blind student's school🧑‍🦯🧑‍🦯(community medicine)Visit to a blind student's school🧑‍🦯🧑‍🦯(community medicine)
Visit to a blind student's school🧑‍🦯🧑‍🦯(community medicine)
 
How to Add Barcode on PDF Report in Odoo 17
How to Add Barcode on PDF Report in Odoo 17How to Add Barcode on PDF Report in Odoo 17
How to Add Barcode on PDF Report in Odoo 17
 

Constructive Access Control

  • 1. Constructive Access Control: Revisited? Valeria de Paiva Intelligent Systems Lab PARC (Joint work with Jessica Staddon, CSL)
  • 2. Outline  Motivation: access control must be logic…  Background  Basic framework  A new system?  Discussion & applications Caveat: no expert, a talk to logicians interested in the problem… 11/09/09
  • 3. Why the buzz about access control?  Ubiquity of computing and growth of the Internet turned Information Security into a central area of research in computer science.  Many areas within Information Security. For logicians there’s considerable work on logical methods for access control.  For example: – Abadi et al, 1993, Abadi, 2003, Abadi 2006 – Garg et al, 2006 – Garg, Pfenning 2006 – Garg, Abadi, 2008 » Thanks Martin and Deepak! 11/09/09
  • 4. Access control in current practice (according to Abadi)  Access control is pervasive – applications – virtual machines – operating systems – firewalls – doors – …  Access control seems difficult to get right.  Distributed systems make it harder. 11/09/09
  • 5. What is Access Control?  In computer security, access control consists in deciding whether an agent that requests some action should have his request granted or not.  Decisions are based on access control policies, the combination of several policies at different layers and from different entities.  A single policy may be easy to understand e.g. user Valeria may want to delete file1 and if she owns the file the admin should allow it.  But the consequences of even a single policy can get complicated, when there are many principals, many roles, many resources, delegation, revocation, etc. 11/09/09
  • 6. The access control model Elements: – Resources – Requests – Sources for requests, called principals – A reference monitor to decide on requests – Control policies Dr of ee R e e e j nc Po m b iaa o O rl p n e c r i p t i oi nt n or c t S e Gs o q ue u u a o r R c e rR e s du t r c e 11/09/09
  • 7. General theories and systems  Over the years, there have been many theories and systems for access control. – Logics – Languages – Infrastructures (e.g., PKIs) – Architectures  They aim to explain, organize, and unify access control.  We’re interested in logics and languages… 11/09/09
  • 8. Access Control needs logic? “Although access control may sometimes seem conceptually straightforward, it is both complex and error-prone in practice. […] One may hope that logic would provide a simple, solid, and general foundation for access control, as well as methods for designing, implementing, and validating particular access control mechanisms. In fact, although logic is not a panacea, its applications in access control have been substantial and beneficial.” M. Abadi, Invited Address, LICS 2003 11/09/09
  • 9. Access control needs logic  We need to combine access control policies, have groups of principals, revocation, delegation, roles, etc.  Things can get very complicated. There can be gaps, inconsistencies, ambiguity, loopholes, obscurity.  Systems can be easy to break and security is endangered. 11/09/09
  • 10. On the other hand… (Constructive) Logic can:  Express policies – Admin says owns (Valeria, file) -> may_delete(Valeria, file)  Express authorization questions – Does Valeria have a proof of the proposition Admin says may_delete(Valeria, file)?  Logical proofs allow us: – Construct evidence (assemble proof) – Verify evidence (verify proof) – Reason from assumptions (given credentials) 11/09/09
  • 11. Logics for Access Control  Encode and reason within policies  Analyze policies (reason about them) – Express (and reason about) private knowledge?  Prove properties of policies, check for unintended consequences. Enforce policies?  Proofs hard to construct, easy to verify – Lead to Proof Carrying Authorization Appel&Felten, Bauer  PCA insight : the user/ principal wanting access must construct a proof, the server will simply check the proof to grant access uses higher-order logic, can we make it simpler? 11/09/09
  • 12. Logics of Access Control  Several systems proposed and studied.  Traditionally classical modal logics with extra constructs (Abadi et al 1993)  Garg&Pfenning(2006) have proposed a constructive lax logic of access control, non-interference  Abadi (2006) has proposed a lax logic based system DCC, non-interference  Garg et al(2006) have proposed a “linear” logic for access control, credentials are resources  Garg&Abadi(2008 to appear) have four systems based on lax logic 11/09/09
  • 13. Background1: Principals  A principal is any user, machine, program, organization that – Either makes requests, or – Makes statements (policies)  Examples: – Humans: Alice, Bob, Charlie, ... – Users: 500, 501, admin, ... – Programs: MSWord, Acrobat Reader, ... – Organizations: CMU, SRI, ACM, Wells-Fargo... – Public keys: 0xaf5436, 0x123458 11/09/09
  • 14. Background2: “A says s” Taking Garg&Abadi (GA08) as basic reference  Basic construct operator “says”: applied to principal A and formula s, “A says s”. - Abstracts away from implementation concerns  “A says s” means intuitively that A asserts or supports s, e.g. “A says delete-file1”.  Different access control logics have subtly different meanings for “says”.  Note similarity to “K attests A” in cyberlogic, where K is (has to be?) a public key, A is a formula 11/09/09
  • 15. Background3: “speaks for”  Operator “speaks for”, applied to principals A and B, A => B  This is read “A speaks for B” and intuitively means that if A says s then B says s, for all s.  In particular if KAlice is the public key for Alice we have KAlice => Alice. also if S a server then S => Alice, if S is acting for Alice  Different access control logics have subtly different meanings for “speaks for”  Not fine-grained enough?  (Similar to cyberlogic’s delegation?) 11/09/09
  • 16. Which logic of access control?  Intuitionistic basis, as we want – a Curry-Howard isomorphism, – evidence instead of truth – use proofs as witnesses for PCA  Have a collection of principals A, B,..  How do we represent logically the constructs for access control?  All recent work mentioned uses an indexed collection of lax modalities 11/09/09
  • 17. What’s a lax modality?  A modality is an unary operator acting on propositions  Curry(1952) a possibility modality that half-behaves like a necessity one.  Like possibility, twice the modality implies it once. But like necessity as it satisfies distribution over implication.  Also known as computational logic, CL, (Benton, Bierman, de Paiva, JFP 1998)  Properties: s  A says s A says A says s  A says s A says (st)  (A says s)  (A says t) 11/09/09
  • 18. Why lax modalities?  Need to model “A says s”  “says” has some characteristics of possibility: if “A says (A says s)” then “A says s”, if “A says (s->t)” then “A says s-> A says t”  Lax modalities buy you non-interference (Abadi06, GargPfenning06)  Lax modalities buy you “hand-off axiom”: if A says that B speaks for A then B does speak for A (Abadi06)  Lax modality well-understood logic type theory 11/09/09
  • 19. How to do lax modalities?  Different proof systems: Moggi89,de Paiva et al 98, Mendler&Fairtlough97  Garg&Pfenning: ‘judgemental’ logic (2001)  Based on Martin-Loeuf’s ideas: intro and elim rules plus cut elim are the meaning of connectives  Works for S4-style connectives, dual-sized sequents (e.g. linear logic exponentials)  Can we do less powerful/less symmetric modalities? 11/09/09
  • 20. Why not lax modalities?  Axiom (s -> A says s) means every principal says s, if s is true – Difficult to believe that principals are that ideal  Similarly, “speaks for” too strong  Alice would like to make sure that Bob speaks for her in certain circumstances, not for all s.  Maybe can use a simple K constructive modality for “says”… 11/09/09
  • 21. A new system?  Caveat: work not really done…  But Curry-Howard Iso for Basic Modal Logic, (Bellin, de Paiva, Ritter, 2001)  Bug in published version, being corrected and extended now – Thanks to Kakutani (2006) for correcting it!  Type theory, semantics in place: – Normalization, subject reduction, soundness&completeness, internal language too  Non-interference works too, “hand off”? 11/09/09
  • 22. Extensions  Garg: linear logic to deal with credentials that are consumable resources – Apparently proof-theory done, implementation is the problem – Garg et al 06, Bauer et al 06  Garg et al: temporal aspects of security in the works – I also want my versions with and without linear basis – Constructive temporal logics in the market not good 11/09/09
  • 23. Applications?  A bit of unifying glee: 1995 proposal on logics of authentication  PCA for less expressive logics – Grey project at CMU interesting, but it would be nice if it could be simpler, Manifest Security?  Access control for multiple enterprise repositories: – What if our principals were the parties that need to cooperate when someone is buying a house? – Can our access control theories help out? – Some Stanford/PORTIA work on this direction 11/09/09
  • 24. Conclusion  Logic clearly useful for access control  Multiple applications and opportunities  More work required on trade-offs between logical systems, automation, etc  Innovative applications may send the formalism into totally different directions 11/09/09
  • 26. References  Manifest Security for Distributed Information Karl Crary, Robert Harper, Frank Pfenning 2006  Garg&Abadi08, Garg&Pfenning06, Garg et al 06  PCA Appel&Felten 99, Bauer’s thesis 03 11/09/09
  • 27. A calculus for access control [Abadi, Burrows, Lampson, and Plotkin, 1993]  A simple notation for assertions – A says s – A speaks for B (sometimes written A ⇒ B)  With logical rules – ⊢ A says (s → t) → (A says s) → (A says t) – If ⊢ s then ⊢ A says s. – ⊢ A speaks for B → (A says s) → (B says s) – ⊢ A speaks for A – ⊢ A speaks for B ∧ B speaks for C → A speaks for 11/09/09 C
  • 28. Enforcing policies?  An access control policy can be presented as a logical theory in an access control logic  A principal is granted access to a resource if there is a formal proof that the principal is authorized the use of the resource according to the accepted policy  Constructivity buys you PCA? 11/09/09