SAFE: A Declarative Trust-Agile System with Linked Credentials

Thummala, Vamsidhar

January 2016

<p>Secure Access For Everyone (SAFE), is an integrated system for managing trust</p><p>using a logic-based declarative language. Logical trust systems authorize each</p><p>request by constructing a proof from a context---a set of authenticated logic</p><p>statements representing credentials and policies issued by various principals</p><p>in a networked system. A key barrier to practical use of logical trust systems</p><p>is the problem of managing proof contexts: identifying, validating, and</p><p>assembling the credentials and policies that are relevant to each trust</p><p>decision. </p><p>SAFE addresses this challenge by (i) proposing a distributed authenticated data</p><p>repository for storing the credentials and policies; (ii) introducing a</p><p>programmable credential discovery and assembly layer that generates the</p><p>appropriate tailored context for a given request. The authenticated data</p><p>repository is built upon a scalable key-value store with its contents named by</p><p>secure identifiers and certified by the issuing principal. The SAFE language</p><p>provides scripting primitives to generate and organize logic sets representing</p><p>credentials and policies, materialize the logic sets as certificates, and link</p><p>them to reflect delegation patterns in the application. The authorizer fetches</p><p>the logic sets on demand, then validates and caches them locally for further</p><p>use. Upon each request, the authorizer constructs the tailored proof context</p><p>and provides it to the SAFE inference for certified validation.</p><p>Delegation-driven credential linking with certified data distribution provides</p><p>flexible and dynamic policy control enabling security and trust infrastructure</p><p>to be agile, while addressing the perennial problems related to today's</p><p>certificate infrastructure: automated credential discovery, scalable</p><p>revocation, and issuing credentials without relying on centralized authority.</p><p>We envision SAFE as a new foundation for building secure network systems. We</p><p>used SAFE to build secure services based on case studies drawn from practice:</p><p>(i) a secure name service resolver similar to DNS that resolves a name across</p><p>multi-domain federated systems; (ii) a secure proxy shim to delegate access</p><p>control decisions in a key-value store; (iii) an authorization module for a</p><p>networked infrastructure-as-a-service system with a federated trust structure</p><p>(NSF GENI initiative); and (iv) a secure cooperative data analytics service</p><p>that adheres to individual secrecy constraints while disclosing the data. We</p><p>present empirical evaluation based on these case studies and demonstrate that</p><p>SAFE supports a wide range of applications with low overhead.</p> / Dissertation

Computer science

Logic-based access control

authorization

SAFE

Safelog

Safelang

slog

slang

SafeSets

SafeX

Security Policies

Software-as-a-service

Distributed Systems

Trust Logic

Declarative Languages

Trust Management