Skip to main content


eCommons@Cornell >
Faculty of Computing and Information Science >
Computing and Information Science >
Computing and Information Science Technical Reports >

Please use this identifier to cite or link to this item:
Title: Nexus Authorization Logic (NAL): Design Rationale and Applications
Authors: Schneider, Fred B.
Walsh, Kevin
Sirer, Emin Gun
Keywords: Authorization Logic
Credentials-based Authorizations
Issue Date: 14-Sep-2009
Abstract: Nexus Authorization Logic (NAL) provides a principled basis for specifying and reasoning about credentials and authorization policies. It extends prior access control logics based on "says" and "speaksfor" operators, enabling within a single framework request authorization to depend on (i) the source or pedigree of the requester, (ii) the outcome of performing an analysis on the requester, or (iii) the use of trusted software to encapsulate or modify the requester. Prototype document-viewer applications that enforce integrity and confidentiality of document contents - all implemented on the Nexus operating system - illustrate the convenience and expressive power of this approach to authorization.
Description: Categories and Subject Descriptors: D.2.0 [General]: Protection mechanisms; D.4.6 [Security and Protection]: Access controls
Appears in Collections:Computing and Information Science Technical Reports

Files in This Item:

File Description SizeFormat
TechReportVers.trudocs.pdf218.71 kBAdobe PDFView/Open

Refworks Export

Items in eCommons are protected by copyright, with all rights reserved, unless otherwise indicated.


© 2014 Cornell University Library Contact Us