Nexus authorization logic (NAL)
Abstract
Nexus Authorization Logic (NAL) provides a principled basis for specifying and reasoning about credentials and authorization policies. It extends prior access control logics that are based on “says” and “speaks for” operators. NAL enables authorization of access requests to depend on (i) the source or pedigree of the requester, (ii) the outcome of any mechanized analysis of the requester, or (iii) the use of trusted software to encapsulate or modify the requester. To illustrate the convenience and expressive power of this approach to authorization, a suite of document-viewer applications was implemented to run on the Nexus operating system. One of the viewers enforces policies that concern the integrity of excerpts that a document contains; another viewer enforces confidentiality policies specified by labels tagging blocks of text.
Document Details
- Document Type
- Pub Defense Publication
- Publication Date
- May 01, 2011
- Source ID
- 10.1145/1952982.1952990
Entities
People
- Emin Gun Sirer
- Fred B. Schneider
- Kevin Walsh
Organizations
- Air Force Office of Scientific Research
- Air Force Research Laboratory
- Cornell University
- Division of Computing and Communication Foundations
- National Science Foundation
- Office of Naval Research