Authorization And Trust In Software Systems

Abstract

Nexus Authorization Logic (NAL) provides a principled basis for specifying and reasoning about credentials and authorization policies. It extends prior access control logics that are based on "says" and "speaks for" operators. NAL enables authorization of access requests to depend on (i) the source or pedigree of the requester, (ii) the outcome of any mechanized analysis of the requester, or (iii) the use of trusted software to encapsulate or modify the requester. To illustrate the convenience and expressive power of this approach to authorization, a document-viewer application suite was implemented for the α-Nexus operating system. One of the viewers enforces policies that concern the integrity of excerpts a document contains; another viewer enforces confidentiality policies specified by labels tagging blocks of text; and a third viewer enforces policies that impose chain-of-custody restrictions on stages of an image-editing pipeline. To study how compatible this approach to authorization is with existing principles for building trustworthy systems, a filesystem that pervasively instantiates a number of well-known security principles was implemented for α-Nexus. The design and overall performance of this filesystem were compared to those of a Linux filesystem that largely ignores these security principles.

Date Issued
2012-01-31
Keywords
Authorization; Trust; Computer Security
Committee Chair
Schneider, Fred Barry
Committee Member
Henderson, David W.
Myers, Andrew C.
Degree Discipline
Computer Science
Degree Name
Ph. D., Computer Science
Degree Level
Doctor of Philosophy
Types
dissertation or thesis