The goal of the Security Policy Assertion Language (SecPAL) project is to develop a language for expressing decentralized authorization policies, and to investigate language design and semantics, as well as related algorithms and analysis techniques. This project is a collaboration between the advanced technology incubation group of Microsoft's Chief Research and Strategy Officer and Microsoft Research Cambridge.
Overview
The development of large-scale, decentralized distributed computing environments has highlighted the need for fine-grained control over trust relationships and delegated access rights. Existing approaches do not fully satisfy these needs. They typically lack precision and/or require an undesirable reliance on centralized administration to be effective. In addition, one finds multiple independent mechanisms, with disparate semantics, being used to manage trust, delegation and authorization. This makes it difficult to understand the effective security in large distributed systems and complicates their management.
Publications
- Moritz Y. Becker, Cédric Fournet, and Andrew D. Gordon, SecPAL: Design and Semantics of a Decentralized Authorization Language, in Journal of Computer Security (JCS), vol. 18, no. 4, pp. 597-643, IOS Press, 2010
- Moritz Y. Becker, SecPAL Formalization and Extensions, no. MSR-TR-2009-127, September 2009
- Moritz Y. Becker, Alexander Malkis, and Laurent Bussard, A Framework for Privacy Preferences and Data-Handling Policies, no. MSR-TR-2009-128, September 2009
- Moritz Y. Becker, Jason F. Mackay, and Blair Dillaway, Abductive Authorization Credential Gathering, in IEEE International Symposium on Policies for Distributed Systems and Networks (POLICY), IEEE, July 2009
- Moritz Y. Becker, Jason F. Mackay, and Blair Dillaway, An Abductive Protocol for Authorization Credential Gathering in Distributed Systems, no. MSR-TR-2009-19, 24 February 2009
- Moritz Y. Becker and Sebastian Nanz, The Role of Abduction in Declarative Authorization Policies, in 10th International Symposium on Practical Aspects of Declarative Languages (PADL), 2008
- Moritz Y. Becker and Sebastian Nanz, The Role of Abduction in Declarative Authorization Policies, no. MSR-TR-2007-105, August 2007
- Moritz Y. Becker, Cédric Fournet, and Andrew D. Gordon, Design and Semantics of a Decentralized Authorization Language, in 20th IEEE Computer Security Foundations Symposium (CSF), 2007
- Moritz Y. Becker, Andrew D. Gordon, and Cédric Fournet, SecPAL: Design and Semantics of a Decentralized Authorization Language, no. MSR-TR-2006-120, September 2006
Downloads
- Security Policy Assertion Language (SecPAL) Specification, Version 1.0, 15 February 2007
- SecPAL Schema, Version 1.0
- SecPAL Research Release for .NET, Version 1.1
- SecPAL parser sample
External Links
- SecPAL Forum
- Blair Dillaway, A Unified Approach to Trust, Delegation, and Authorization in Grids, Talk at GridWorld/GGF18, Washington DC, USA, September 2006 [slides].



