Team for Research in
Ubiquitous Secure Technology

Nexus Authorization Logic (NAL): Design Rationale and Applications
Fred Schneider, Kevin Walsh, Emin Gun Sirer

Citation
Fred Schneider, Kevin Walsh, Emin Gun Sirer. "Nexus Authorization Logic (NAL): Design Rationale and Applications". ACM Transactions on Information and System Security, 14(1):8-1, May 2011.

Abstract
Nexus Authorization Logic (NAL) provides a principled basis for specifying and reasoning about credentials and authorization policies. It extends prior access control logics that are based on "says" and "speaks for" operators. NAL enables authorization of access requests to depend on (i) the source or pedigree of the requester, (ii) the outcome of any mechanized analysis of the requester, or (iii) the use of trusted software to encapsulate or modify the requester. To illustrate the convenience and expressive power of this approach to authorization, a suite of document-viewer applications was implemented to run on the Nexus operating system. One of the viewers enforces policies that concern the integrity of excerpts that a document contains; another viewer enforces confidentiality policies specified by labels tagging blocks of text.

Electronic downloads

Citation formats  
  • HTML
    Fred Schneider, Kevin Walsh, Emin Gun Sirer. <a
    href="http://www.truststc.org/pubs/901.html"
    >Nexus Authorization Logic (NAL): Design Rationale and
    Applications</a>, <i>ACM Transactions on
    Information and System Security</i>, 14(1):8-1, May
    2011.
  • Plain text
    Fred Schneider, Kevin Walsh, Emin Gun Sirer. "Nexus
    Authorization Logic (NAL): Design Rationale and
    Applications". <i>ACM Transactions on Information
    and System Security</i>, 14(1):8-1, May 2011.
  • BibTeX
    @article{SchneiderWalshSirer11_NexusAuthorizationLogicNALDesignRationaleApplications,
        author = {Fred Schneider and Kevin Walsh and Emin Gun Sirer},
        title = {Nexus Authorization Logic (NAL): Design Rationale
                  and Applications},
        journal = {ACM Transactions on Information and System Security},
        volume = {14},
        number = {1},
        pages = {8:1-8:28},
        month = {May},
        year = {2011},
        abstract = {Nexus Authorization Logic (NAL) provides a
                  principled basis for specifying and reasoning
                  about credentials and authorization policies. It
                  extends prior access control logics that are based
                  on "says" and "speaks for" operators. NAL enables
                  authorization of access requests to depend on (i)
                  the source or pedigree of the requester, (ii) the
                  outcome of any mechanized analysis of the
                  requester, or (iii) the use of trusted software to
                  encapsulate or modify the requester. To illustrate
                  the convenience and expressive power of this
                  approach to authorization, a suite of
                  document-viewer applications was implemented to
                  run on the Nexus operating system. One of the
                  viewers enforces policies that concern the
                  integrity of excerpts that a document contains;
                  another viewer enforces confidentiality policies
                  specified by labels tagging blocks of text.},
        URL = {http://www.truststc.org/pubs/901.html}
    }
    

Posted by Larry Rohrbough on 9 Apr 2012.
Groups: trust
For additional information, see the Publications FAQ or contact webmaster at www truststc org.

Notice: This material is presented to ensure timely dissemination of scholarly and technical work. Copyright and all rights therein are retained by authors or by other copyright holders. All persons copying this information are expected to adhere to the terms and constraints invoked by each author's copyright.