Abstract
We study some of the concepts, protocols, and algorithms for access control in distributed systems, from a logical perspective. We account for how a principal may come to believe that another principal is making a request, either on his own or on someone else's behalf. We also provide a logical language for accesss control lists and theories for deciding whether requests should be granted.
- 1 ABADI, M., AND PLOTKIN, G. A logicat view of composition. Theor. Comput. $cu 116, 1 (June 1993), 3 30. Google Scholar
- 2 ABADI, M ,BURROWS, M., KAUFMAN, C., AND LAMPSON, B. Authentication and delegation with smart-cards. In Theoret~cal Aspects of Computer Software, Springer-Verlag Lecture Notes in Computer Science 526, Sept. 1991, 326-345. Google Scholar
- 3 ANDR~KA, H. Representations of distributive lattice-ordered semigroups with binary relations. Manuscript, Aug. 1989.Google Scholar
- 4 BURROWS, M., ABADI, M., AND NEEDHAM, R.M. A logic of authentication. Proceedmgs of the Royal Society of London A 326 (1989), 233-271.Google Scholar
- 5 CCITT. CCITT Blue Book, Recommendation X.509 and ISO 9594-8: The directoryauthentication framework. Geneva, March 1988.Google Scholar
- 6 CHANDRA, A., KOZEN, D., AND STOCKMEYER~ L. Alternation. J. A~M 28, 1 (Jan. 1981), 114 133. Google Scholar
- 7 DAM, M. Relevance logic and concurrent computation. In Proceedings of the Thwd IEEE Symposium on Log~e ~n Computer Science (July 1988), 178-185.Google Scholar
- 8 NATIONAL BUREAU OF STANDARDS. Data Encryption Standard. Fed. Inform. Processing Standards Pub. 46. Washington D.C , Jan. 1977.Google Scholar
- 9 D~Frm, W., AND HELLMAN, M. New directions m cryptography. IEEE Trans. Inf. Theor. IT-22, 6 (Nov. 1976), 644 654.Google Scholar
- 10 FABRY, R Capability-based addressing. Commun. ACM 17, 7 (July 1974), 403 412. Google Scholar
- 11 GASSER, M., GOLDSTEIN, A., KAUFMAN, C., AND LAMPSON, B. The Digital Distrihuted System Security Architecture. In Proceedzngs of thc 1989 Natwnal Computer Secumty Conference (Oct. 1989), 305-319.Google Scholar
- 12 (~'ASSER, M., AND i\~CDERMOTT, E. An architecture for practical delegation in a distributed system. In Proceedmgs of the 1990 IEEE Symposium on Secumty and Prwacy (May 1990), 20 30Google Scholar
- 13 GIRARD, J.-Y. Linear logic. Theor. Comput. $cu 50 (1987), 1-102. Google Scholar
- 14 HUGttES, G E , AND CRESSWELL, NI J An Introduction to Modal Logtc. Methuen, New York, 1968.Google Scholar
- 15 KOHL, J., NEUMAN, C., AND STEINER, J. The Kerberos network authentieation service (version 5, draft 3). Available by anonymous FTP from athena-dist.mit.edu, as /pub/doc/kerberos/V5DRAFT3-RFC.{PS,TXT}, Oct. 1990.Google Scholar
- 16 KOZEN, D A completeness theorem for Kleene algebras and the algebra of regular events. Cornell TR90-1123, May 1990.Google Scholar
- 17 LAMPSON, B., ABADI, M., BURROWS, M.~ AND WOBBER, E. Authentication in distributed systems: theory and practice. ACM Trans. Comput. Syst. 10, 4 (November 1992), 265-310. Google Scholar
- 18 LEVY, H. Capab,lity-based Computer Systems. Digital Press, 1983. Google Scholar
- 19 MILLEa, S P., NEUMAN, C., SCHILLER, J.I.~ AND SALTZER, J.H. Kerberos authentication and authorization system. In Projcct Athena Techmcal Plan, Section E.2.1, MIT, July 1987.Google Scholar
- 20 NEEDHAM, R.}~{ ~ AND SCHROEDEP~, M.D. Usmg encryption for authentication in large networks of computers. Commun. ACM 21~ 12 (Dee. 1978), 993-999. Google Scholar
- 21 PRATT, V. Dynamie algebras as a well-behaved fragment of relation algebras. In Algebra~c Logic and Umversal Algebra in Computer Science, Springer-Verlag Lecture Notes in Computer Science 425, 1990, 77-110. Google Scholar
- 22 RIVEST, R.L , SHAMIR, A., AND ADLEMAN, L. A method for obtainmg digital signatures and public-key cryptosystems. Comraun. ACM 21, 2 (Feb. 1978), 120-126 Google Scholar
- 23 SALTZER, J., AND SCHROEDER, ~/i. The protection of information in computer systems. Proc. IEEE ~3, 9 (Sept. 1975), 1278 1308.Google Scholar
- 24 SOLLTNS, K Cascaded authentlcat~on. In Pvoceedmgs of the 1988 IEEE Symposium o~ Securzty and Pr~vacy (April 1988), 156-163.Google Scholar
- 25 VICKERS, S. Samson Abramsky on linear process logics. Foundatlon Workshop Notes, Oct - Nov. 1988.Google Scholar
- 26 YETTER, D N.Quantales and (noncommutatlve) linear logic. J. Symb Log~e 55, 1 (March 1990), 41 64.Google Scholar
Index Terms
- A calculus for access control in distributed systems
Recommendations
Configuring role-based access control to enforce mandatory and discretionary access control policies
Access control models have traditionally included mandatory access control (or lattice-based access control) and discretionary access control. Subsequently, role-based access control has been introduced, along with claims that its mechanisms are general ...
Cryptography based access control in healthcare web systems
InfoSecCD '10: 2010 Information Security Curriculum Development ConferenceAccess control is the capacity of a particular subject (user, process) to permit or deny the use of a specific object (data, file). Access control mechanisms can be used in managing physical resources and logical resources. Cryptography access control ...
Relationship-based access control: protection model and policy language
CODASPY '11: Proceedings of the first ACM conference on Data and application security and privacySocial Network Systems pioneer a paradigm of access control that is distinct from traditional approaches to access control. Gates coined the term Relationship-Based Access Control (ReBAC) to refer to this paradigm. ReBAC is characterized by the explicit ...
Comments