Binder is an open logic based security language. It encodes security statements, making them components of distributed logic programs to express security statements in a distributed system.
Security systems are encoded and must follow a schema. This schema and its accompanying procedure can be defined into a security language. The certificates and policies are written in the security language and interpreted by its decision procedure. Traditional security systems store security statements in a variety of data structures. The user’s identities are matched to their access rights and also to a predefined decision procedure.
Binder is simply a new and better way of expressing security clearances in systems. It is easier and makes more sense from a readability perspective. It has five key properties:
1. A Binder statement can be translated into a declarative stand alone English sentence.
2. Binder programs can explicitly define application-specific predicates, which act as lemmas in proofs.
3. Certificates can contain arbitrary statements, which include definitions and uses of new predicates.
4. Binder statements can appear in ACL, certificates, policies, etc. and can freely interoperate.
5. Binder queries are decidable in polynomial time.
Statements in Binder can be exported and later imported to other security systems or the same system. Imported statements are automatically quoted. And local context can be easily differentiated from imported ones.
Binder has delegations for trust (for example: Admin trusts User1), delegation (for example: Admin delegates identification of users to User1) and speaks-for (for example: User1 speaks-for Admin). These are English statements, which can be transformed in Binder security language.
1. A Binder statement can be translated into a declarative stand alone English sentence.
2. Binder programs can explicitly define application-specific predicates, which act as lemmas in proofs.
3. Certificates can contain arbitrary statements, which include definitions and uses of new predicates.
4. Binder statements can appear in ACL, certificates, policies, etc. and can freely interoperate.
5. Binder queries are decidable in polynomial time.
Statements in Binder can be exported and later imported to other security systems or the same system. Imported statements are automatically quoted. And local context can be easily differentiated from imported ones.
Binder has delegations for trust (for example: Admin trusts User1), delegation (for example: Admin delegates identification of users to User1) and speaks-for (for example: User1 speaks-for Admin). These are English statements, which can be transformed in Binder security language.
This definition was written in the context of Programming Languages
0 Comments