Access Control, Security, and Trust: A Logical Approach / Edition 1 (available in hardcover and eBook)
- ISBN-10:
- 1584888628
- ISBN-13:
- 9781584888628
- Pub. Date:
- 07/26/2010
- Publisher:
- Taylor & Francis
Overview
Developed from the authors' courses at Syracuse University and the U.S. Air Force Research Laboratory, Access Control, Security, and Trust: A Logical Approach equips readers with an access-control logic they can use to specify and verify their security designs. Throughout the text, the authors use a single access-control logic based on a simple propositional modal logic.
The first part of the book presents the syntax and semantics of access-control logic, basic access-control concepts, and an introduction to confidentiality and integrity policies. The second section covers access-control in networks, delegation, protocols, and the use of cryptography. In the third section, the authors focus on hardware and virtual machines. The final part discusses confidentiality, integrity, and role-based access-control.
Features
Employs propositional modal logic to explain access-control principles
Shows how to perform derivations and calculations with mathematical precision and accuracy
Focuses on reference monitors in security
Presents numerous examples ranging from the control of physical memory in hardware to multilevel security policies
Includes exercises that deal with application, analysis, synthesis, and evaluation
Offers HOL-4 implementation and slides for each chapter available for download on crcpress.com
Taking a logical, rigorous approach to access control, this book shows how logic is a useful tool for analyzing security designs and spelling out the conditions upon which access-control decisions depend. It is designed for computer engineers and computer scientists who are responsible for designing, implementing, and verifying secure computer and information systems.
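The overview names the core of the book's method: a small modal logic with `says`, `speaks for` (`⇒`), and `controls`, in which an access request is granted only when the requested statement can be derived from the policy and the presented credentials. The following is an added example, written for this page and not code from the book or its HOL-4 implementation: a forward-chaining engine for the Horn-like fragment of that logic (Modus Ponens, MP Says, Speaks For, the `&` Says rule in both directions, and the `controls` definition), used as a toy reference monitor. The tuple encoding of formulas, the principal names, the policy and the requested actions are all assumptions constructed for the example; the Taut and Says (necessitation) rules are deliberately omitted, so the engine is sound for this fragment but not complete for the full logic.

```python
# Added example: a minimal forward-chaining prover for the core rules of an
# Abadi-Lampson style access-control logic, plus a reference monitor built on it.
# Formula encoding (our own, constructed for this example):
#   ("atom", name)          atomic statement, e.g. <read payroll.db>
#   ("imp", phi, psi)       phi -> psi
#   ("says", P, phi)        P says phi
#   ("speaksfor", P, Q)     P => Q   (P speaks for Q)
#   ("controls", P, phi)    P controls phi, defined as (P says phi) -> phi
# Principals are strings, or ("and", P, Q) for the compound principal P & Q.
from itertools import product

def atom(name): return ("atom", name)
def imp(a, b): return ("imp", a, b)
def says(p, f): return ("says", p, f)
def speaks_for(p, q): return ("speaksfor", p, q)
def controls(p, f): return ("controls", p, f)
def both(p, q): return ("and", p, q)

def _principals(f, acc):
    """Collect every principal expression (and sub-expression) occurring in f."""
    def add(p):
        acc.add(p)
        if isinstance(p, tuple):
            add(p[1]); add(p[2])
    tag = f[0]
    if tag in ("says", "controls"):
        add(f[1]); _principals(f[2], acc)
    elif tag == "speaksfor":
        add(f[1]); add(f[2])
    elif tag == "imp":
        _principals(f[1], acc); _principals(f[2], acc)
    return acc

def step(known, princ):
    """One round of rule application; returns formulas not yet in `known`."""
    new = set()
    for f in known:
        if f[0] == "controls":                         # Controls definition
            new.add(imp(says(f[1], f[2]), f[2]))
        if f[0] == "says" and isinstance(f[1], tuple) and f[1][0] == "and":
            new.add(says(f[1][1], f[2]))                # & Says (elimination)
            new.add(says(f[1][2], f[2]))
    for f, g in product(known, repeat=2):
        if g[0] == "imp" and g[1] == f:                 # Modus Ponens
            new.add(g[2])
        if f[0] == "says" and g[0] == "says" and f[1] == g[1] \
                and g[2][0] == "imp" and g[2][1] == f[2]:   # MP Says
            new.add(says(f[1], g[2][2]))
        if f[0] == "speaksfor" and g[0] == "says" and g[1] == f[1]:  # Speaks For
            new.add(says(f[2], g[2]))
        # & Says (introduction), only for compound principals the policy mentions,
        # which keeps the closure finite.
        if f[0] == "says" and g[0] == "says" and f[2] == g[2] \
                and both(f[1], g[1]) in princ:
            new.add(says(both(f[1], g[1]), f[2]))
    return new - known

def derive(assumptions, max_rounds=100):
    """Closure of the assumptions under the rules above (terminates: every
    derived formula is built from principals and subformulas already present)."""
    known = set(assumptions)
    princ = set()
    for f in assumptions:
        _principals(f, princ)
    for _ in range(max_rounds):
        new = step(known, princ)
        if not new:
            break
        known |= new
    return known

def reference_monitor(policy, credentials, request):
    """Grant iff the requested statement is derivable from policy + credentials."""
    return request in derive(set(policy) | set(credentials))

# Constructed scenario (assumption): a file read governed by Alice, who has
# delegated to Bob, and a launch action under a two-person rule.
READ = atom("read payroll.db")
LAUNCH = atom("launch")
ALICE, BOB, CAROL = "Alice", "Bob", "Carol"
POLICY = {
    controls(ALICE, READ),                  # Alice has jurisdiction over the read
    speaks_for(BOB, ALICE),                 # Bob => Alice: Bob is Alice's delegate
    controls(both(ALICE, CAROL), LAUNCH),   # (Alice & Carol) controls launch
}

def delegated_read():      # Bob says <read>; Bob => Alice; Alice controls <read>
    return reference_monitor(POLICY, {says(BOB, READ)}, READ)

def unauthorised_read():   # nobody speaks for Carol and she has no jurisdiction
    return reference_monitor(POLICY, {says(CAROL, READ)}, READ)

def single_launch():       # one of the two required principals is not enough
    return reference_monitor(POLICY, {says(ALICE, LAUNCH)}, LAUNCH)

def dual_launch():         # both say it, so (Alice & Carol) says <launch>
    return reference_monitor(POLICY, {says(ALICE, LAUNCH), says(CAROL, LAUNCH)}, LAUNCH)
```

Two points the derivations make concrete. A grant is never a matter of who asked but of what can be proved: Bob's request succeeds only because the policy contains both a `controls` statement giving Alice jurisdiction and a `speaks for` statement linking Bob to her, and removing either fact makes `READ` underivable. Conversely, `speaks for` is a very strong relation: with `Bob ⇒ Alice` on the books, every statement Bob makes is attributed to Alice, not just reads of this one file; the book's delegation chapter is about restricting that to a bounded form.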
Product Details
| Detail | Value |
|---|---|
| ISBN-13 | 9781584888628 |
| Publisher | Taylor & Francis |
| Publication date | 07/26/2010 |
| Series | Chapman & Hall/CRC Cryptography and Network Security Series, #5 |
| Edition description | New Edition |
| Pages | 352 |
| Product dimensions | 6.10 (w) x 9.40 (h) x 0.90 (d) in |
About the Author
Shiu-Kai Chin is a Meredith Professor in the Department of Electrical Engineering and Computer Science at Syracuse University. He is also director of the Center for Information and Systems Assurance and Trust. While at Syracuse, Dr. Chin has received the Outstanding Teacher Award, the Chancellor’s Citation for Outstanding Contributions to the University’s Academic Programs, and the Crouse Hinds Award for Excellence in Education.
Susan Older is an associate professor in the Department of Electrical Engineering and Computer Science at Syracuse University. She is also the program director for the Certificate of Advanced Study in Systems Assurance. Dr. Older’s research interests include programming-language semantics, logics of programs, formal methods, and information-assurance and computer science education.
Table of Contents
List of Tables xiii
List of Figures xv
Preface xix
1 Access Control, Security, Trust, and Logic 1
1.1 Deconstructing Access-Control Decisions 3
1.2 A Logical Approach to Access Control 6
I Preliminaries 9
2 A Language for Access Control 11
2.1 Sets and Relations 11
2.1.1 Notation 12
2.1.2 Approaches for Mathematical Proofs 13
2.2 Syntax 15
2.2.1 Principal Expressions 17
2.2.2 Access-Control Statements 18
2.2.3 Well-Formed Formulas 20
2.3 Semantics 22
2.3.1 Kripke Structures 23
2.3.2 Semantics of the Logic 28
2.4 Summary 37
2.5 Further Reading 37
3 Reasoning about Access Control 39
3.1 Logical Rules 39
3.1.1 The Taut Rule 41
3.1.2 The Modus Ponens Rule 42
3.1.3 The Says Rule 42
3.1.4 The MP Says Rule 42
3.1.5 The Speaks For Rule 43
3.1.6 The & Says and Quoting Rules 43
3.1.7 Properties of → 43
3.1.8 The Equivalence Rule 45
3.1.9 The Controls Definition 46
3.2 Formal Proofs and Theorems 47
3.3 Soundness of Logical Rules 50
3.4 Summary 54
3.5 Further Reading 54
4 Basic Concepts 57
4.1 Reference Monitors 57
4.2 Access-Control Mechanisms: Tickets and Lists 60
4.2.1 Tickets 61
4.2.2 Lists 63
4.2.3 Logical and Pragmatic Implications 66
4.3 Authentication 68
4.3.1 Two-Factor Authentication 68
4.3.2 Using Credentials from Other Authorities 70
4.3.3 Groups 74
4.4 Summary 75
4.5 Further Reading 76
5 Security Policies 77
5.1 Confidentiality, Integrity, and Availability 77
5.2 Discretionary Security Policies 79
5.3 Mandatory Security Policies 81
5.4 Military Security Policies 85
5.4.1 Extending the Logic with Security Levels 85
5.4.2 Expressing Military Security Policies 87
5.4.3 Military Security Policies: An Extended Example 90
5.5 Commercial Policies 94
5.5.1 Extending the Logic with Integrity Levels 95
5.5.2 Protecting Integrity 97
5.5.3 Strict Integrity 98
5.5.4 An Extended Example of a Strict Integrity Policy 100
5.6 Summary 105
5.7 Further Reading 105
II Distributed Access Control 107
6 Digital Authentication 109
6.1 Public-Key Cryptography 109
6.2 Efficiency Mechanisms 112
6.2.1 Cryptographic Hash Functions 112
6.2.2 Data-Encryption Keys 113
6.2.3 Digital Signatures 113
6.3 Reasoning about Cryptographic Communications 114
6.4 Certificates, Certificate Authorities, and Trust 116
6.5 Symmetric-Key Cryptography 125
6.6 Summary 131
6.7 Further Reading 131
7 Delegation 133
7.1 Simple Delegations 133
7.2 Delegation and Its Properties 135
7.3 A Delegation Example: Simple Checking 141
7.3.1 Formal Definitions of Checks 142
7.3.2 Bank Policies on Checks 143
7.3.3 Operating Rules for Checks 144
7.4 Summary 147
7.5 Further Reading 147
8 Networks: Case Studies 149
8.1 SSL and TLS: Authentication across the Web 149
8.1.1 Handshake Protocol 150
8.1.2 Record Protocol 155
8.2 Kerberos: Authentication for Distributed Systems 157
8.2.1 Initial Authentication Requests 157
8.2.2 Requests for Service-Specific Tickets 159
8.2.3 Requests for Services 161
8.2.4 Proxiable Tickets 162
8.3 Financial Networks 166
8.3.1 Electronic Clearinghouses 166
8.3.2 Bank Authorities, Jurisdiction, and Policies 169
8.3.3 Bank Operating Rules 170
8.4 Summary 172
8.5 Further Reading 173
III Isolation and Sharing 175
9 A Primer on Computer Hardware 177
9.1 Ones and Zeros 177
9.2 Synchronous Design 178
9.2.1 Synchronous Registers 178
9.2.2 Registers with Load Control 179
9.2.3 Registers with Tri-State Outputs 179
9.2.4 Combinational Logic and Functions 182
9.2.5 Arithmetic Logic Units 184
9.3 Microcode 190
9.3.1 Data Paths and Control Paths 190
9.3.2 Microprogramming 192
9.4 Summary 193
9.5 Further Reading 195
10 Virtual Machines and Memory Protection 197
10.1 A Simple Processor 198
10.1.1 Processor Components 199
10.1.2 Machine Instructions 201
10.2 Processors with Memory Segmentation 204
10.2.1 Segmentation Using a Relocation Register 204
10.2.2 Processor State and Instructions 207
10.2.3 Program Status Word 207
10.2.4 Traps 208
10.3 Controlling Access to Memory and Segmentation Registers 209
10.3.1 Access to Program Memory 210
10.3.2 Implementation Details 212
10.3.3 Access to the Relocation Register 213
10.3.4 Setting the Mode Bit 215
10.4 Design of the Virtual Machine Monitor 217
10.4.1 Privileged Instructions 220
10.4.2 Sensitive Instructions 221
10.4.3 Virtualizable Processor Architectures 223
10.5 Summary 224
10.6 Further Reading 225
11 Access Control Using Descriptors and Capabilities 227
11.1 Address Descriptors and Capabilities 227
11.2 Tagged Architectures 231
11.3 Capability Systems 233
11.3.1 Catalogs 233
11.3.2 Creating New Segments 235
11.3.3 Dynamic Sharing 237
11.3.4 Revocation of Capabilities 239
11.4 Summary 241
11.5 Further Reading 242
12 Access Control Using Lists and Rings 245
12.1 Generalized Addresses 245
12.2 Segment Access Controllers 247
12.3 ACL-Based Access Policy for Memory Accesses 249
12.4 Ring-Based Access Control 253
12.4.1 Access Brackets 254
12.4.2 Call Brackets 255
12.5 Summary 258
12.6 Further Reading 259
IV Access Policies 261
13 Confidentiality and Integrity Policies 263
13.1 Classifications and Categories 263
13.2 Bell-La Padula Model, Revisited 266
13.3 Confidentiality Levels: Some Practical Considerations 269
13.4 Biba's Strict Integrity, Revisited 272
13.5 Lipner's Integrity Model 276
13.5.1 Commercial Integrity Requirements 277
13.5.2 Commercial Integrity via Bell-La Padula 277
13.5.3 Commercial Integrity via Bell-La Padula and Strict Integrity 281
13.6 Summary 285
13.7 Further Reading 285
14 Role-Based Access Control 289
14.1 RBAC Fundamentals 289
14.1.1 Role Inheritance 290
14.1.2 Sessions 295
14.2 Separation of Duty 297
14.2.1 Static Separation of Duty 297
14.2.2 Dynamic Separation of Duty 299
14.3 Representing RBAC Systems in the Logic 304
14.3.1 RBAC Extensions to the Logic 304
14.3.2 Translating RBAC into the Logic 305
14.4 Summary 310
14.5 Further Reading 312
A Summary of the Access-Control Logic 313
A.1 Syntax 313
A.2 Core Rules, Derived Rules, and Extensions 315
Bibliography 321
Notation Index 324
General Index 325
What People are Saying About This
Focusing on the logic of access control, more than on actual computer programming, this volume is designed as a textbook for undergraduates. Each chapter ends with exercises and a concise description of expected learning outcomes. The authors, both in electrical engineering and computer science at Syracuse University, also teach an intensive summer course on access control for hundreds of ROTC cadets. It contains a useful selection of tables and figures, a notation index and a brief bibliography.
—SciTech Book News, February 2011