Modern OS Security and Authorization Logic

Goals

  • Understand a basic logic for reasoning about authorization
  • Apply that logic for simple proofs
  • Recognize when authorization logic can apply to real-world scenarios
  • Understand the challenges and mechanisms for granting permissions in modern OSes

Authorization Logic

  • Overview
    • Recall the distinction between authentication and authorization
    • What separates access control policy from access control mechanism?
    • Why is access control harder in distributed systems?
  • Defining Our Logic
    • How are inference rules interpreted?
    • Be prepared to explain the justification for the rules within the logic presented in the slides
    • What does a Certificate Authority look like in our logic?
    • How can we incorporate roles within our logic?
  • Logic Usage
    • What are three different models of authorization checking?
      • What are the tradeoffs amongst them?
    • What is the connection between programs and roles?
  • How are certificates revoked?
    • What are the tradeoffs between certificate countersigning and revocation lists?

Permission Granting

  • Why does the OS need input from the user about resource permissions?
  • What are the state-of-the-art permission granting systems?
    • What are some of their limitations?
  • What properties should a permission granting system have?
  • How can the OS understand generalized in-app permission-granting behaviors?
  • What is an access-control gadget?
  • How can social engineering bypass ACGs?