How to replace failure by a list of successes
Proc. of a conference on Functional programming languages and computer architecture
Deriving backtracking monad transformers
ICFP '00 Proceedings of the fifth ACM SIGPLAN international conference on Functional programming
DATALOG with Constraints: A Foundation for Trust Management Languages
PADL '03 Proceedings of the 5th International Symposium on Practical Aspects of Declarative Languages
A Proof Theory for Generic Judgments: An extended abstract
LICS '03 Proceedings of the 18th Annual IEEE Symposium on Logic in Computer Science
LICS '03 Proceedings of the 18th Annual IEEE Symposium on Logic in Computer Science
Binder, a Logic-Based Security Language
SP '02 Proceedings of the 2002 IEEE Symposium on Security and Privacy
Verification and change-impact analysis of access-control policies
Proceedings of the 27th international conference on Software engineering
Backtracking, interleaving, and terminating monad transformers: (functional pearl)
Proceedings of the tenth ACM SIGPLAN international conference on Functional programming
Decentralized trust management
SP'96 Proceedings of the 1996 IEEE conference on Security and privacy
Towards a declarative language and system for secure networking
NETB'07 Proceedings of the 3rd USENIX international workshop on Networking meets databases
Nexus authorization logic (NAL): Design rationale and applications
ACM Transactions on Information and System Security (TISSEC)
Socially constructed trust for distributed authorization
ESORICS'11 Proceedings of the 16th European conference on Research in computer security
Specifying and reasoning about dynamic access-control policies
IJCAR'06 Proceedings of the Third international joint conference on Automated Reasoning
Belief semantics of authorization logic
Proceedings of the 2013 ACM SIGSAC conference on Computer & communications security
Hi-index | 0.00 |
We describe the design and implementation of a trust-management system Soutei, a dialect of Binder, for access control in distributed systems. Soutei policies and credentials are written in a declarative logic-based security language and thus constitute distributed logic programs. Soutei policies are modular, concise, and readable. They support policy verification, and, despite the simplicity of the language, express role- and attribute-based access control lists, and conditional delegation. We describe the real-world deployment of Soutei into a publish-subscribe web service with distributed and compartmentalized administration, emphasizing the often overlooked aspect of authorizing the creation of resources and the corresponding policies. Soutei brings Binder from a research prototype into the real world. Supporting large, truly distributed policies required non-trivial changes to Binder, in particular mode-restriction and goal-directed top-down evaluation. To improve the robustness of our evaluator, we describe a fair and terminating backtracking algorithm.