eCommons

 

Nexus Authorization Logic (NAL): Design Rationale and Applications

Other Titles

Abstract

Nexus Authorization Logic (NAL) provides a principled basis for specifying and reasoning about credentials and authorization policies. It extends prior access control logics based on "says" and "speaksfor" operators, enabling within a single framework request authorization to depend on (i) the source or pedigree of the requester, (ii) the outcome of performing an analysis on the requester, or (iii) the use of trusted software to encapsulate or modify the requester. Prototype document-viewer applications that enforce integrity and confidentiality of document contents - all implemented on the Nexus operating system - illustrate the convenience and expressive power of this approach to authorization.

Journal / Series

Volume & Issue

Description

Categories and Subject Descriptors: D.2.0 [General]: Protection mechanisms; D.4.6 [Security and Protection]: Access controls

Sponsorship

Supported in part by NICECAP cooperative agreement FA8750-07-2-0037 administered by AFRL, AFOSR grant F9550-06-0019, National Science Foundation grants 0430161 and CCF-04424422(TRUST), ONR grant N00014-01-1-0968, and grants from Microsoft and Intel.

Date Issued

2009-09-14T19:12:05Z

Publisher

Keywords

Authorization Logic; Credentials-based Authorizations; CDD; Security

Location

Effective Date

Expiration Date

Sector

Employer

Union

Union Local

NAICS

Number of Workers

Committee Chair

Committee Co-Chair

Committee Member

Degree Discipline

Degree Name

Degree Level

Related Version

Related DOI

Related To

Related Part

Based on Related Item

Has Other Format(s)

Part of Related Item

Related To

Related Publication(s)

Link(s) to Related Publication(s)

References

Link(s) to Reference(s)

Previously Published As

Government Document

ISBN

ISMN

ISSN

Other Identifiers

Rights

Rights URI

Types

Accessibility Feature

Accessibility Hazard

Accessibility Summary

Link(s) to Catalog Record