ABSTRACT
We present EON, a logic-programming language and tool that can be used to model and analyze dynamic access control systems. Our language extends Datalog with some carefully designed constructs that allow the introduction and transformation of new relations. For example, these constructs can model the creation of processes and objects, and the modification of their security labels at runtime. The information-flow properties of such systems can be analyzed by asking queries in this language. We show that query evaluation in EON can be reduced to decidable query satisfiability in a fragment of Datalog, and further, under some restrictions, to efficient query evaluation in Datalog.
We implement these reductions in our tool, and demonstrate its scope through several case studies.
In particular, we study in detail the dynamic access control models of the Windows Vista and Asbestos operating systems. We also automatically prove the security of a webserver running on Asbestos.
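The abstract describes three ingredients: static Datalog-style rules that derive the access relation from current labels, dynamic constructs that create processes and change labels, and information-flow queries answered over the resulting state space. The following Python program is an added illustration of that idea, not EON code and not EON's syntax or reduction; it uses a plain breadth-first search over reachable states where EON reduces to Datalog query satisfiability. The label set (Low/Medium/High), the principal and object names, the taint-propagation rules, the "child inherits parent's taint" rule and the `strict_reads` variant (Biba-style no-read-down, which Windows Vista's integrity control does not enforce by default) are all this example's own simplifications:

```python
"""Constructed toy in the spirit of the EON abstract (not EON's own syntax or
semantics): static Datalog-style rules derive the allowed accesses from the
current labels, a few dynamic operations create processes and change labels,
and an information-flow query is answered by searching the reachable states."""
from collections import deque

LOW, MEDIUM, HIGH = 1, 2, 3          # simplified integrity levels (assumption)
LABELS = (LOW, MEDIUM, HIGH)
NAME = {LOW: "Low", MEDIUM: "Medium", HIGH: "High"}

# Facts are tuples: ("proc", name, label), ("obj", name, label), ("tainted", name).
# "tainted" marks a principal that (transitively) holds data of low-integrity origin.


def derive(state, strict_reads):
    """Static rules, evaluated against one state (a set of facts):
         can_write(P, O) :- proc(P, LP), obj(O, LO), LP >= LO.   % no write-up
         can_read(P, O)  :- proc(P, LP), obj(O, LO).              % default: any read
       With strict_reads, reads additionally require LO >= LP (no read-down;
       an assumed stricter policy, not the Vista default)."""
    procs = {f[1]: f[2] for f in state if f[0] == "proc"}
    objs = {f[1]: f[2] for f in state if f[0] == "obj"}
    tainted = {f[1] for f in state if f[0] == "tainted"}
    can_write = {(p, o) for p, lp in procs.items() for o, lo in objs.items() if lp >= lo}
    can_read = {(p, o) for p, lp in procs.items() for o, lo in objs.items()
                if not strict_reads or lo >= lp}
    return procs, objs, tainted, can_write, can_read


def successors(state, strict_reads):
    """Dynamic operations: each yields (description, next_state)."""
    procs, objs, tainted, can_write, can_read = derive(state, strict_reads)
    # A tainted process writing an object taints the object.
    for p, o in sorted(can_write):
        if p in tainted and o not in tainted:
            yield f"{p} writes {o}", state | {("tainted", o)}
    # A process reading a tainted object becomes tainted.
    for p, o in sorted(can_read):
        if o in tainted and p not in tainted:
            yield f"{p} reads {o}", state | {("tainted", p)}
    # A process may lower its own label (never raise it).
    for p, lp in sorted(procs.items()):
        for lower in LABELS:
            if lower < lp:
                yield (f"{p} lowers its label to {NAME[lower]}",
                       (state - {("proc", p, lp)}) | {("proc", p, lower)})
    # An initial process may spawn one child at a label no higher than its own;
    # the child starts with the parent's data, so it inherits the parent's taint
    # (modeling assumption).  Bounding children keeps the state space finite.
    for p, lp in sorted(procs.items()):
        child = p + ".child"
        if "." in p or child in procs:
            continue
        for lab in LABELS:
            if lab <= lp:
                new = state | {("proc", child, lab)}
                if p in tainted:
                    new = new | {("tainted", child)}
                yield f"{p} spawns {child} at {NAME[lab]}", new


def query(initial, goal, strict_reads):
    """Breadth-first search for a reachable state satisfying `goal`.
    Returns the shortest witness (list of operations) or None if unreachable."""
    start = frozenset(initial)
    parent = {start: None}
    queue = deque([start])
    while queue:
        s = queue.popleft()
        if goal(s, strict_reads):
            trace = []
            while parent[s] is not None:
                prev, step = parent[s]
                trace.append(step)
                s = prev
            return trace[::-1]
        for step, t in successors(s, strict_reads):
            if t not in parent:
                parent[t] = (s, step)
                queue.append(t)
    return None


def high_process_tainted(state, strict_reads):
    """Query: does any High-integrity process hold low-integrity data?"""
    procs, _, tainted, _, _ = derive(state, strict_reads)
    return any(p in tainted for p, lab in procs.items() if lab == HIGH)


# Constructed initial configuration: a Low-integrity browser that already holds
# untrusted input, a High-integrity editor, and two files.
INITIAL = {
    ("proc", "browser", LOW), ("tainted", "browser"),
    ("proc", "editor", HIGH),
    ("obj", "doc.txt", LOW), ("obj", "config.ini", HIGH),
}

if __name__ == "__main__":
    print("no-write-up only:", query(INITIAL, high_process_tainted, strict_reads=False))
    print("with no-read-down:", query(INITIAL, high_process_tainted, strict_reads=True))
```

With only the no-write-up rule the query returns the two-step witness `browser writes doc.txt`, `editor reads doc.txt`: the Low process cannot write High objects, but nothing stops a High process from reading what it wrote. Adding the no-read-down rule makes the query unsatisfiable, because a process can only reach a tainted object by lowering its own label, and labels are never raised. The point, as in the abstract, is that the dynamic operations (label changes, process creation) are part of the model, so the answer covers sequences of such operations rather than a single static configuration.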
Technical report: A. Chaudhuri, P. Naldurg, S. Rajamani, G. Ramalingam, and L. Velaga. EON: Modeling and analyzing dynamic access control systems with logic programs. Technical Report MSR-TR-2008-21, Microsoft Research, 2008. See http://www.soe.ucsc.edu/avik/projects/EON/.