Show simple item record

dc.contributor.authorSchneider, Fred B.
dc.contributor.authorWalsh, Kevin
dc.contributor.authorSirer, Emin Gun
dc.descriptionCategories and Subject Descriptors: D.2.0 [General]: Protection mechanisms; D.4.6 [Security and Protection]: Access controlsen_US
dc.description.abstractNexus Authorization Logic (NAL) provides a principled basis for specifying and reasoning about credentials and authorization policies. It extends prior access control logics based on "says" and "speaksfor" operators, enabling within a single framework request authorization to depend on (i) the source or pedigree of the requester, (ii) the outcome of performing an analysis on the requester, or (iii) the use of trusted software to encapsulate or modify the requester. Prototype document-viewer applications that enforce integrity and confidentiality of document contents - all implemented on the Nexus operating system - illustrate the convenience and expressive power of this approach to authorization.en_US
dc.description.sponsorshipSupported in part by NICECAP cooperative agreement FA8750-07-2-0037 administered by AFRL, AFOSR grant F9550-06-0019, National Science Foundation grants 0430161 and CCF-04424422(TRUST), ONR grant N00014-01-1-0968, and grants from Microsoft and Intel.en_US
dc.subjectAuthorization Logicen_US
dc.subjectCredentials-based Authorizationsen_US
dc.titleNexus Authorization Logic (NAL): Design Rationale and Applicationsen_US

Files in this item


This item appears in the following Collection(s)

Show simple item record