Soutei, a logic-based trust-management system

Authors:
Andrew Pimlott;Oleg Kiselyov
Affiliations:
Planning Systems, Inc., Slidell, LA;Fleet Numerical Meteorology and Oceanography Center, Monterey, CA
Venue:
FLOPS'06 Proceedings of the 8th international conference on Functional and Logic Programming
Year:
2006

Citing 10
Cited 5

How to replace failure by a list of successes

Proc. of a conference on Functional programming languages and computer architecture
Deriving backtracking monad transformers

ICFP '00 Proceedings of the fifth ACM SIGPLAN international conference on Functional programming
DATALOG with Constraints: A Foundation for Trust Management Languages

PADL '03 Proceedings of the 5th International Symposium on Practical Aspects of Declarative Languages
A Proof Theory for Generic Judgments: An extended abstract

LICS '03 Proceedings of the 18th Annual IEEE Symposium on Logic in Computer Science
Logic in Access Control

LICS '03 Proceedings of the 18th Annual IEEE Symposium on Logic in Computer Science
Binder, a Logic-Based Security Language

SP '02 Proceedings of the 2002 IEEE Symposium on Security and Privacy
A Quantitative Study of Firewall Configuration Errors

Computer
Verification and change-impact analysis of access-control policies

Proceedings of the 27th international conference on Software engineering
Backtracking, interleaving, and terminating monad transformers: (functional pearl)

Proceedings of the tenth ACM SIGPLAN international conference on Functional programming
Decentralized trust management

SP'96 Proceedings of the 1996 IEEE conference on Security and privacy

Towards a declarative language and system for secure networking

NETB'07 Proceedings of the 3rd USENIX international workshop on Networking meets databases
Nexus authorization logic (NAL): Design rationale and applications

ACM Transactions on Information and System Security (TISSEC)
Socially constructed trust for distributed authorization

ESORICS'11 Proceedings of the 16th European conference on Research in computer security
Specifying and reasoning about dynamic access-control policies

IJCAR'06 Proceedings of the Third international joint conference on Automated Reasoning
Belief semantics of authorization logic

Proceedings of the 2013 ACM SIGSAC conference on Computer & communications security

Quantified Score

Hi-index	0.00

Visualization

Abstract

We describe the design and implementation of a trust-management system Soutei, a dialect of Binder, for access control in distributed systems. Soutei policies and credentials are written in a declarative logic-based security language and thus constitute distributed logic programs. Soutei policies are modular, concise, and readable. They support policy verification, and, despite the simplicity of the language, express role- and attribute-based access control lists, and conditional delegation. We describe the real-world deployment of Soutei into a publish-subscribe web service with distributed and compartmentalized administration, emphasizing the often overlooked aspect of authorizing the creation of resources and the corresponding policies. Soutei brings Binder from a research prototype into the real world. Supporting large, truly distributed policies required non-trivial changes to Binder, in particular mode-restriction and goal-directed top-down evaluation. To improve the robustness of our evaluator, we describe a fair and terminating backtracking algorithm.