A Logical Approach to Access Control
Shiu-Kai Chin
Syracuse University
April 3, 2008
NWSE 222

We live in a networked world where it is possible for just about any computer to access any other computer in the world through wired and wireless networks. This connectivity has brought us tremendous conveniences but has also widened the opportunity for fraud. Unfortunately, it is not unusual for unauthorized people, agents or programs to access personal and sensitive information such as account numbers and medical histories inappropriately. People are victims of identity theft and fraud. Businesses and government agencies are victims of theft or corruption of their information, leading to loss of trust and reputation. The overall problem that we address is access control: that is, who should have access to what and under what circumstances?

Access-control decisions are made within the context of (1) information or evidence in the form of statements, credentials, licenses, tickets, or certificates, (2) trust assumptions regarding proxy relationships or the jurisdiction of authorities, and (3) some interpretation of credentials and other statements. Our goal is to achieve the same level of rigor when teaching access control as is achieved in hardware curricula. Our view is this: if you are the hardware designer and you are given the input values to your design, then you should be able to justify mathematically whether the value on any particular output is a 0 or a 1. Similarly, if you are the security engineer who has security requirements to meet and you are given a policy and a request, you should be able to justify mathematically if your answer is a "yes" or a "no".

We use a single access-control logic based on a simple propositional modal logic to reason about access control. Our focus is on reference monitors (the guards protecting system resources) because they are the parts of a system that systems engineers must worry about specifying, designing, implementing, and verifying. Reference monitors in security play a role analogous to that played by finite-state machines in computer hardware.
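As an added illustration of the "justify mathematically" standard the abstract sets (this is not code from the talk or the textbook), the toy reference monitor below forward-chains two rules of the says / speaks-for / controls family of access-control logics, where "speaks for" models the proxy relationships and "controls" the jurisdiction of authorities mentioned above. The operators, rules, principals and policy are assumptions for this example, not taken from the page.

```python
from itertools import product

# Formulas are tuples: ("says", P, phi), ("speaksfor", P, Q), ("controls", P, phi);
# an atomic action such as "read(record)" is a plain string. (Assumed encoding.)

def forward_chain(assumptions):
    """Apply the two rules until nothing new appears. Each derived statement
    is mapped to (rule, premises) so a 'yes' answer carries its proof."""
    derived = {s: ("assumed", ()) for s in assumptions}
    changed = True
    while changed:
        changed = False
        for a, b in product(list(derived), repeat=2):
            rule, new = None, None
            # P speaks for Q,  P says phi   |-  Q says phi   (proxy / credential)
            if a[0] == "speaksfor" and b[0] == "says" and a[1] == b[1]:
                rule, new = "speaks-for", ("says", a[2], b[2])
            # Q controls phi,  Q says phi   |-  phi          (jurisdiction)
            elif a[0] == "controls" and b[0] == "says" and a[1:] == b[1:]:
                rule, new = "controls", a[2]
            if new is not None and new not in derived:
                derived[new] = (rule, (a, b))
                changed = True
    return derived

def fmt(s):
    if isinstance(s, str):
        return s
    op, p, x = s
    word = {"says": "says", "speaksfor": "speaks for", "controls": "controls"}[op]
    return f"{p} {word} {fmt(x)}"

def explain(derived, stmt):
    """Linearise the derivation of stmt: premises first, conclusion last."""
    rule, premises = derived[stmt]
    lines = [line for p in premises for line in explain(derived, p)]
    return lines + [f"{fmt(stmt)}   [{rule}]"]

def reference_monitor(policy, request, action):
    """Return (decision, justification). Only a derivable action is granted."""
    derived = forward_chain(set(policy) | {request})
    return (True, explain(derived, action)) if action in derived else (False, [])

# Constructed sample policy: Alice has jurisdiction over the record, and the
# credential Key_A is trusted as Alice's proxy. Key_M holds no such credential.
ACTION = "read(medical_record)"
POLICY = [("controls", "Alice", ACTION), ("speaksfor", "Key_A", "Alice")]

if __name__ == "__main__":
    for key in ("Key_A", "Key_M"):
        ok, proof = reference_monitor(POLICY, ("says", key, ACTION), ACTION)
        print(key, "->", "GRANT" if ok else "DENY")
        print("\n".join("  " + line for line in proof))
```

A "yes" is returned only together with the chain of rule applications that produced it; a request from a key with no speaks-for credential yields "no" because nothing derives the action.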

This talk is based on a textbook (to be published in 2009 by CRC Press) that serves the needs of computer engineers and scientists who are responsible for designing, implementing and verifying secure computer and information systems. We have taught this to a wide variety of students, both undergraduate and graduate. At the undergraduate level, we have taught this as a one-day 8-hour intensive short course as part of the US Air Force's Advanced Course in Engineering (ACE) Cyber Security Boot Camp, a 10-week intensive summer course on computer and network security combining work, education, and leadership-development activities. This course is taught to rising junior and senior Air Force ROTC cadets from across the country. We also teach the more advanced content in our textbook to our graduate students at Syracuse University.

Shiu-Kai Chin's work is in the area of information assurance and security. He works with the Information Directorate of the Air Force Research Lab in defensive cyberoperations. In a prior life, he was at General Electric where he designed several products including a nuclear fuel-rod monitor, a memory manager for a heart imaging system, and a custom processor for controlling phased-array radars.

Lunch will be served at noon in Steinmetz 203.