Moritz Y. Becker
We study the specification of access control policy in
large-scale distributed systems. Our work on real-world
policies has shown that standard policy idioms such as role
hierarchy or role delegation occur in practice in many subtle
variants. A policy specification language should therefore
be able to express this variety of features smoothly,
rather than add them as specific features in an ad hoc way,
as is the case in many existing languages.
We present Cassandra, a role-based trust management
system with an elegant and readable policy specification
language based on Datalog with constraints. The expressiveness
(and computational complexity) of the language
can be adjusted by choosing an appropriate constraint domain.
With just five special predicates, we can easily express
a wide range of policies including role hierarchy,
role delegation, separation of duties, cascading revocation,
automatic credential discovery and trust negotiation.
Cassandra has a formal semantics for query evaluation and
for the access control enforcement engine. We use a goaloriented
distributed policy evaluation algorithm that is efficient and guarantees termination. Initial performance results
for our prototype implementation have been promising.
|Published in||5th IEEE International Workshop on Policies for Distributed Systems and Networks (POLICY)|