1st Edition

Access Control, Security, and Trust A Logical Approach

By Shiu-Kai Chin and Susan Beth Older. Copyright 2011.
352 pages, 93 B/W illustrations.
Published by Chapman & Hall.

Developed from the authors’ courses at Syracuse University and the U.S. Air Force Research Laboratory, Access Control, Security, and Trust: A Logical Approach equips readers with an access control logic they can use to specify and verify their security designs. Throughout the text, the authors use a single access control logic based on a simple propositional modal logic.

The first part of the book presents the syntax and semantics of access control logic, basic access control concepts, and an introduction to confidentiality and integrity policies. The second section covers access control in networks, delegation, protocols, and the use of cryptography. In the third section, the authors focus on hardware and virtual machines. The final part discusses confidentiality, integrity, and role-based access control.

Taking a logical, rigorous approach to access control, this book shows how logic is a useful tool for analyzing security designs and spelling out the conditions upon which access control decisions depend. It is designed for computer engineers and computer scientists who are responsible for designing, implementing, and verifying secure computer and information systems.

Table of Contents

  Access Control, Security, Trust, and Logic
    Deconstructing Access Control Decisions
    A Logical Approach to Access Control

PRELIMINARIES
  A Language for Access Control
    Sets and Relations
    Syntax
    Semantics
  Reasoning about Access Control
    Logical Rules
    Formal Proofs and Theorems
    Soundness of Logical Rules
  Basic Concepts
    Reference Monitors
    Access Control Mechanisms: Tickets and Lists
    Authentication
  Security Policies
    Confidentiality, Integrity, and Availability
    Discretionary Security Policies
    Mandatory Security Policies
    Military Security Policies
    Commercial Policies

DISTRIBUTED ACCESS CONTROL
  Digital Authentication
    Public-Key Cryptography
    Efficiency Mechanisms
    Reasoning about Cryptographic Communications
    Certificates, Certificate Authorities, and Trust
    Symmetric-Key Cryptography
  Delegation
    Simple Delegations
    Delegation and Its Properties
    A Delegation Example: Simple Checking
  Networks: Case Studies
    SSL and TLS: Authentication across the Web
    Kerberos: Authentication for Distributed Systems
    Financial Networks

ISOLATION AND SHARING
  A Primer on Computer Hardware
    Ones and Zeros
    Synchronous Design
    Microcode
  Virtual Machines and Memory Protection
    A Simple Processor
    Processors with Memory Segmentation
    Controlling Access to Memory and Segmentation Registers
    Design of the Virtual Machine Monitor
  Access Control Using Descriptors and Capabilities
    Address Descriptors and Capabilities
    Tagged Architectures
    Capability Systems
  Access Control Using Lists and Rings
    Generalized Addresses
    Segment Access Controllers
    ACL-Based Access Policy for Memory Accesses
    Ring-Based Access Control

ACCESS POLICIES
  Confidentiality and Integrity Policies
    Classifications and Categories
    Bell–La Padula Model, Revisited
    Confidentiality Levels: Some Practical Considerations
    Biba’s Strict Integrity, Revisited
    Lipner’s Integrity Model
  Role-Based Access Control
    RBAC Fundamentals
    Separation of Duty
    Representing RBAC Systems in the Logic

Appendix: Summary of the Access Control Logic

Index

A Summary and Further Reading appear at the end of each chapter.

Biography

Shiu-Kai Chin is a Meredith Professor in the Department of Electrical Engineering and Computer Science at Syracuse University. He is also director of the Center for Information and Systems Assurance and Trust. While at Syracuse, Dr. Chin has received the Outstanding Teacher Award, the Chancellor’s Citation for Outstanding Contributions to the University’s Academic Programs, and the Crouse Hinds Award for Excellence in Education.

Susan Older is an associate professor in the Department of Electrical Engineering and Computer Science at Syracuse University. She is also the program director for the Certificate of Advanced Study in Systems Assurance. Dr. Older’s research interests include programming-language semantics, logics of programs, formal methods, and information-assurance and computer science education.

Review

"Focusing on the logic of access control, more than on actual computer programming, this volume is designed as a textbook for undergraduates. Each chapter ends with exercises and a concise description of expected learning outcomes. The authors, both in electrical engineering and computer science at Syracuse University, also teach an intensive summer course on access control for hundreds of ROTC cadets. It contains a useful selection of tables and figures, a notation index and a brief bibliography."
SciTech Book News, February 2011