A Logical Approach to Access Control, Security, and Trust

Designers, auditors, and certifiers of trustworthy systems must rigorously assess compliance with security policies. Because security is best built into systems at all levels of abstraction, engineers and other practitioners who design, verify, or certify trustworthy systems need the capability to reason rigorously about security policies in general, and access decisions in particular. What is required is a logic or calculus general enough to be useful from the concrete hardware level to the abstract policy level that also captures access-control concepts such as authorization, certified statements, jurisdiction, and delegation. Ideally, this calculus should be straightforward for practitioners to use, much like the propositional logic used in hardware design by engineers. We have created an accesscontrol logic that meets these requirements and have used this logic to account for security, trust, and access policies in hardware, software, protocols, and concepts of operations. We give an overview of the logic and its application to hardware, protocols, and policy.