Abstract
We study some of the concepts, protocols, and algorithms for access control in distributed systems, from a logical perspective. We account for how a principal may come to believe that another principal is making a request, either on his own or on someone else’s behalf. We also provide a logical language for access control lists, and theories for deciding whether requests should be granted.
Part of this work was completed while at Digital Equipment Corporation, Systems Research Center.
Copyright information
© 1992 Springer-Verlag Berlin Heidelberg
About this paper
Cite this paper
Abadi, M., Burrows, M., Lampson, B., Plotkin, G. (1992). A Calculus for Access Control in Distributed Systems. In: Feigenbaum, J. (eds) Advances in Cryptology — CRYPTO ’91. CRYPTO 1991. Lecture Notes in Computer Science, vol 576. Springer, Berlin, Heidelberg. https://doi.org/10.1007/3-540-46766-1_1
DOI: https://doi.org/10.1007/3-540-46766-1_1
Publisher Name: Springer, Berlin, Heidelberg
Print ISBN: 978-3-540-55188-1
Online ISBN: 978-3-540-46766-3
eBook Packages: Springer Book Archive