<?xml version="1.0" encoding="UTF-8" ?>
<?xml-stylesheet type="text/xsl" href="http://blogs.msdn.com/utility/FeedStylesheets/rss.xsl" media="screen"?><rss version="2.0" xmlns:dc="http://purl.org/dc/elements/1.1/" xmlns:slash="http://purl.org/rss/1.0/modules/slash/" xmlns:wfw="http://wellformedweb.org/CommentAPI/"><channel><title>The Hogg Blog : F#</title><link>http://blogs.msdn.com/thehoggblog/archive/tags/F_2300_/default.aspx</link><description>Tags: F#</description><dc:language>en-US</dc:language><generator>CommunityServer 2.1 SP1 (Build: 61025.2)</generator><item><title>SecPAL Parser Updated for VS2008 and F#1.9.6.16</title><link>http://blogs.msdn.com/thehoggblog/archive/2009/09/26/secpal-parser-updated-for-vs2008-and-f-1-9-6-16.aspx</link><pubDate>Sun, 27 Sep 2009 01:27:00 GMT</pubDate><guid isPermaLink="false">91d46819-8472-40ad-a661-2c78acb4018c:9899907</guid><dc:creator>Jason Hogg</dc:creator><slash:comments>0</slash:comments><comments>http://blogs.msdn.com/thehoggblog/comments/9899907.aspx</comments><wfw:commentRss>http://blogs.msdn.com/thehoggblog/commentrss.aspx?PostID=9899907</wfw:commentRss><wfw:comment>http://blogs.msdn.com/thehoggblog/rsscomments.aspx?PostID=9899907</wfw:comment><description>&lt;TABLE class=FullWidth class="FullWidth"&gt;
&lt;TBODY&gt;
&lt;TR&gt;
&lt;TD&gt;
&lt;DIV id=ctl00_ctl00_MasterContent_Content_PostRepeater_ctl00_BodyDiv class=discussionListContent&gt;
&lt;P&gt;I finally got around to updating the SecPAL Parser to run on the latest version of Visual Studio and F#. Development experience should be much cleaner now because F# is far better integrated into VS. If you run into any problems please post a note or drop me an email. For more information please see our &lt;A href="http://secpal.codeplex.com/Release/ProjectReleases.aspx?ReleaseId=33592" mce_href="http://secpal.codeplex.com/Release/ProjectReleases.aspx?ReleaseId=33592"&gt;SecPAL CodeBox Community Site&lt;/A&gt;. &lt;/P&gt;
&lt;P mce_keep="true"&gt;&amp;nbsp;&lt;/P&gt;&lt;/DIV&gt;&lt;/TD&gt;&lt;/TR&gt;&lt;/TBODY&gt;&lt;/TABLE&gt;&lt;img src="http://blogs.msdn.com/aggbug.aspx?PostID=9899907" width="1" height="1"&gt;</description><category domain="http://blogs.msdn.com/thehoggblog/archive/tags/SecPAL/default.aspx">SecPAL</category><category domain="http://blogs.msdn.com/thehoggblog/archive/tags/Web+Service+Security/default.aspx">Web Service Security</category><category domain="http://blogs.msdn.com/thehoggblog/archive/tags/Security/default.aspx">Security</category><category domain="http://blogs.msdn.com/thehoggblog/archive/tags/F_2300_/default.aspx">F#</category><category domain="http://blogs.msdn.com/thehoggblog/archive/tags/DSL/default.aspx">DSL</category></item><item><title>Language Oriented Programming</title><link>http://blogs.msdn.com/thehoggblog/archive/2008/06/20/language-oriented-programming.aspx</link><pubDate>Fri, 20 Jun 2008 17:58:00 GMT</pubDate><guid isPermaLink="false">91d46819-8472-40ad-a661-2c78acb4018c:8625501</guid><dc:creator>Jason Hogg</dc:creator><slash:comments>1</slash:comments><comments>http://blogs.msdn.com/thehoggblog/comments/8625501.aspx</comments><wfw:commentRss>http://blogs.msdn.com/thehoggblog/commentrss.aspx?PostID=8625501</wfw:commentRss><wfw:comment>http://blogs.msdn.com/thehoggblog/rsscomments.aspx?PostID=8625501</wfw:comment><description>&lt;P&gt;Chris Smith from the F# team has an awesome blog post on &lt;A class="" href="http://blogs.msdn.com/chrsmith/archive/2008/05/30/language-oriented-programming-in-f.aspx" mce_href="http://blogs.msdn.com/chrsmith/archive/2008/05/30/language-oriented-programming-in-f.aspx"&gt;language oriented programming &lt;/A&gt;- and specifically LOP in F#. For those new to LOP Chris describes it as a style of programming that resembles a domain specific language - but is still valid in a general purpose programming language. &lt;/P&gt;
&lt;P&gt;As we see more and more DSLs emerge - specifically in domains where visual models aren't adequate to sufficiently represent domain concepts - I believe we will see a huge movement toward LOP. For our Security Policy Language this was the case - leading us to the creation of our &lt;A class="" href="http://blogs.msdn.com/thehoggblog/archive/2007/08/26/parser-for-secpal-simplified-english-grammar-now-available.aspx" mce_href="http://blogs.msdn.com/thehoggblog/archive/2007/08/26/parser-for-secpal-simplified-english-grammar-now-available.aspx"&gt;SecPAL Parser &lt;/A&gt;- which was also written in F#.&lt;/P&gt;
&lt;P&gt;Anyone interested in DSL's should definitely read Chris' blog post...&lt;/P&gt;&lt;img src="http://blogs.msdn.com/aggbug.aspx?PostID=8625501" width="1" height="1"&gt;</description><category domain="http://blogs.msdn.com/thehoggblog/archive/tags/F_2300_/default.aspx">F#</category><category domain="http://blogs.msdn.com/thehoggblog/archive/tags/DSL/default.aspx">DSL</category></item><item><title>F# is getting productized!</title><link>http://blogs.msdn.com/thehoggblog/archive/2007/10/18/f-is-getting-productized.aspx</link><pubDate>Thu, 18 Oct 2007 23:41:00 GMT</pubDate><guid isPermaLink="false">91d46819-8472-40ad-a661-2c78acb4018c:5513300</guid><dc:creator>Jason Hogg</dc:creator><slash:comments>0</slash:comments><comments>http://blogs.msdn.com/thehoggblog/comments/5513300.aspx</comments><wfw:commentRss>http://blogs.msdn.com/thehoggblog/commentrss.aspx?PostID=5513300</wfw:commentRss><wfw:comment>http://blogs.msdn.com/thehoggblog/rsscomments.aspx?PostID=5513300</wfw:comment><description>&lt;P&gt;I just saw the announcement on Don and Soma's blogs about the fact that a product team has officially been established to productize F#. This is great news for Don Syme and James Margetson who have been working slavishly on F# for the last couple of years. Congratulations guys!!! &lt;/P&gt;
&lt;P&gt;For more information see:&lt;/P&gt;
&lt;UL&gt;
&lt;LI&gt;&lt;A class="" href="http://blogs.msdn.com/somasegar/archive/2007/10/17/f-a-functional-programming-language.aspx" mce_href="http://blogs.msdn.com/somasegar/archive/2007/10/17/f-a-functional-programming-language.aspx"&gt;&lt;FONT color=#0000ff&gt;The formation of a team to take F# forward&lt;/FONT&gt;&lt;/A&gt;&lt;/LI&gt;
&lt;LI&gt;&lt;A id=bp___ctl00___RecentPosts___postlist___EntryItems_ctl00_PostTitle href="http://blogs.msdn.com/dsyme/archive/2007/10/17/s-somasegar-on-taking-f-forward.aspx"&gt;&lt;FONT color=#0000ff&gt;S. Somasegar on taking F# forward&lt;/FONT&gt;&lt;/A&gt;&lt;/LI&gt;&lt;/UL&gt;&lt;img src="http://blogs.msdn.com/aggbug.aspx?PostID=5513300" width="1" height="1"&gt;</description><category domain="http://blogs.msdn.com/thehoggblog/archive/tags/F_2300_/default.aspx">F#</category></item><item><title>Parser for SecPAL simplified English grammar now available! </title><link>http://blogs.msdn.com/thehoggblog/archive/2007/08/26/parser-for-secpal-simplified-english-grammar-now-available.aspx</link><pubDate>Mon, 27 Aug 2007 00:17:00 GMT</pubDate><guid isPermaLink="false">91d46819-8472-40ad-a661-2c78acb4018c:4579556</guid><dc:creator>Jason Hogg</dc:creator><slash:comments>5</slash:comments><comments>http://blogs.msdn.com/thehoggblog/comments/4579556.aspx</comments><wfw:commentRss>http://blogs.msdn.com/thehoggblog/commentrss.aspx?PostID=4579556</wfw:commentRss><wfw:comment>http://blogs.msdn.com/thehoggblog/rsscomments.aspx?PostID=4579556</wfw:comment><description>&lt;DIV class=wikidoc&gt;One of the great strengths of SecPAL is its unique support for multiple representations of a security policy: XML for interoperability, and a simplified English grammar for human readability. The SecPAL v1.1 Research Release (available from http://research.microsoft.com/projects/secpal) allows SecPAL assertions to be created using the rich and flexible .NET object model or deserialized from (or serialized into) XML according to the SecPAL Schema Specification (also available at the aforementioned URL). &lt;BR&gt;&lt;BR&gt;We have now also created a sample parser that allows SecPAL policies and authorization queries to be specified using a simplified English grammar and then translated into the SecPAL object model. This allows policies to be specified declaratively in a human readable form. 
The parser is written using F# and uses the Lex and Yacc tools that accompany F#. Full source code is included - so if you are looking for a good project to start learning F# - or if you want to see a complete parser implementation developed using F# and the accompanying tools then this is a great place to start. &lt;/DIV&gt;
&lt;DIV class=wikidoc&gt;&amp;nbsp;&lt;/DIV&gt;
&lt;DIV class=wikidoc&gt;I really enjoyed working on this sample as it gave me an opportunity to learn a lot more about F#&amp;nbsp;- so over the next couple of posts I will share a lot more information on how the sample works including some tips about F# that I have learned. I will also start posting additional access control patterns specified declaratively - hopefully making the samples much easier to follow than the lengthier samples written purely in C# or F#. &lt;/DIV&gt;
&lt;DIV class=wikidoc&gt;&lt;BR&gt;The parser sample is available from here: &lt;A class=externalLink href="http://www.codeplex.com/secpal/Release/ProjectReleases.aspx?ReleaseId=6667"&gt;http://www.codeplex.com/secpal/Release/ProjectReleases.aspx?ReleaseId=6667&lt;SPAN class=externalLinkIcon&gt;&lt;/SPAN&gt;&lt;/A&gt;&lt;BR&gt;&lt;/DIV&gt;&lt;img src="http://blogs.msdn.com/aggbug.aspx?PostID=4579556" width="1" height="1"&gt;</description><category domain="http://blogs.msdn.com/thehoggblog/archive/tags/SecPAL/default.aspx">SecPAL</category><category domain="http://blogs.msdn.com/thehoggblog/archive/tags/Web+Service+Security/default.aspx">Web Service Security</category><category domain="http://blogs.msdn.com/thehoggblog/archive/tags/Security/default.aspx">Security</category><category domain="http://blogs.msdn.com/thehoggblog/archive/tags/Grid/default.aspx">Grid</category><category domain="http://blogs.msdn.com/thehoggblog/archive/tags/F_2300_/default.aspx">F#</category></item><item><title>Writing SecPAL Assertions In F# - Contd</title><link>http://blogs.msdn.com/thehoggblog/archive/2007/06/20/writing-secpal-assertions-in-f-contd.aspx</link><pubDate>Wed, 20 Jun 2007 19:24:00 GMT</pubDate><guid isPermaLink="false">91d46819-8472-40ad-a661-2c78acb4018c:3427769</guid><dc:creator>Jason Hogg</dc:creator><slash:comments>0</slash:comments><comments>http://blogs.msdn.com/thehoggblog/comments/3427769.aspx</comments><wfw:commentRss>http://blogs.msdn.com/thehoggblog/commentrss.aspx?PostID=3427769</wfw:commentRss><wfw:comment>http://blogs.msdn.com/thehoggblog/rsscomments.aspx?PostID=3427769</wfw:comment><description>&lt;P&gt;In my earlier &lt;A class="" href="http://blogs.msdn.com/thehoggblog/archive/2007/06/15/writing-secpal-assertions-in-f.aspx" mce_href="http://blogs.msdn.com/thehoggblog/archive/2007/06/15/writing-secpal-assertions-in-f.aspx"&gt;post&lt;/A&gt; I showed how SecPAL could be used to grant access to a particular user based on a token issued by an STS that we 
explicitly established a trust relationship with using the SecPAL "canSay" predicate. Now I am going to show you something that I think is really cool&amp;nbsp;- and something that demonstrates the advantage of our underlying &lt;A class="" href="http://en.wikipedia.org/wiki/Datalog" mce_href="http://en.wikipedia.org/wiki/Datalog"&gt;Datalog&lt;/A&gt; engine. We are going to make three small changes to the code I showed you in the earlier post to demonstrate how instead of an authorization query being used to determine whether a particular user can access a resource, we are going to ask who all the users are that can possibly access a resource based on the policies we have defined. &lt;/P&gt;
&lt;P&gt;This kind of query is simple for SecPAL. We simply change our authorization query from including a concrete value (&lt;EM&gt;LA says jason can read &lt;/EM&gt;&lt;A href="file://public/foo.txt"&gt;&lt;EM&gt;file://public/foo.txt&lt;/EM&gt;&lt;/A&gt;) to a query that includes a variable (&lt;EM&gt;LA says %p can read &lt;/EM&gt;&lt;A href="file://public/foo.txt"&gt;&lt;EM&gt;file://public/foo.txt&lt;/EM&gt;&lt;/A&gt;) at which point Datalog will evaluate what all the possible principals are that can read this resource and will then return a list of substitutions. In addition to the substitutions it will also include proof graphs for each possible substitution showing exactly why it is that a particular user could access this resource. Anyone who has used Prolog in the past will likely realize that this is similar to how Prolog works and this is in fact because Datalog is a subset of Prolog!&lt;/P&gt;
&lt;P&gt;Now &lt;STRONG&gt;before&lt;/STRONG&gt; you run this code take a look at this and the original resource access policy and decide which of our users will in fact be granted access to read this file. Not all of them will be... and it should hopefully be obvious which one will not be granted access.&lt;/P&gt;
&lt;P&gt;In order to make this change three pieces of code need to change:&lt;/P&gt;
&lt;P&gt;&lt;STRONG&gt;1. Create additional users &lt;/STRONG&gt;- We will create five additional users, four of which are actually the SecPAL developers, and the fifth is not.&lt;/P&gt;&lt;PRE&gt;// Define the users within the simple scenario
let User1 = KeyHolderPrincipal(new RSACryptoServiceProvider(), "John")
let User2 = KeyHolderPrincipal(new RSACryptoServiceProvider(), "Greg")
let User3 = KeyHolderPrincipal(new RSACryptoServiceProvider(), "Jason")
let User4 = KeyHolderPrincipal(new RSACryptoServiceProvider(), "Larry")
let User5 = KeyHolderPrincipal(new RSACryptoServiceProvider(), "Fred")

&lt;/PRE&gt;
&lt;P&gt;&lt;STRONG&gt;2. Issue tokens for the additional users&lt;/STRONG&gt; - For this example I am being lazy and simply putting all the claims about possession of attributes in one token. In reality each user would normally be issued their own token. &lt;/P&gt;&lt;PRE&gt;// Create a Token to identify our Users with 
let token = Token(issuer=PrincipalIssuer(STS),
                  claims=[ Claim(fact=PossessFact(User1, 
                                                  new SecPALAttribute(AttributeType.rfc822Name,@"john@microsoft.com")));
                           Claim(fact=PossessFact(User2, 
                                                  new SecPALAttribute(AttributeType.rfc822Name,@"greg@microsoft.com")));
                           Claim(fact=PossessFact(User3, 
                                                  new SecPALAttribute(AttributeType.rfc822Name,@"jason@microsoft.com")));
                           Claim(fact=PossessFact(User4, 
                                                  new SecPALAttribute(AttributeType.rfc822Name,@"larry@microsoft.com")));
                           Claim(fact=PossessFact(User5, 
                                                  new SecPALAttribute(AttributeType.rfc822Name,@"fred@hotmail.com")))
                                                  ]) 

let tokens = [ token ]

&lt;/PRE&gt;
&lt;P&gt;&lt;STRONG&gt;3. Modify our authorization query&lt;/STRONG&gt; - We now change the authorization query so that we leave a variable in the query. SecPAL will then determine all the valid users with which this variable can be unified. &lt;/P&gt;&lt;PRE&gt;// Create our Authorization Query 
//		LA says %p can read file://public/foo.txt?
let query = AuthorizationQuery
               (expression=AssertionExpression
                   (assertion=AtomicAssertion
                       (principal=ResourceGuard, 
                        fact=ActionFact(PrincipalVariable("p"), ActionVerbs.read, 
                                        Resource(ResourceType.digitalContent, 
                                                 System.Uri(@"file://public/foo.txt"))))))


&lt;/PRE&gt;&lt;img src="http://blogs.msdn.com/aggbug.aspx?PostID=3427769" width="1" height="1"&gt;</description><category domain="http://blogs.msdn.com/thehoggblog/archive/tags/SecPAL/default.aspx">SecPAL</category><category domain="http://blogs.msdn.com/thehoggblog/archive/tags/Security/default.aspx">Security</category><category domain="http://blogs.msdn.com/thehoggblog/archive/tags/Grid/default.aspx">Grid</category><category domain="http://blogs.msdn.com/thehoggblog/archive/tags/F_2300_/default.aspx">F#</category></item><item><title>Writing SecPAL assertions in F#</title><link>http://blogs.msdn.com/thehoggblog/archive/2007/06/15/writing-secpal-assertions-in-f.aspx</link><pubDate>Sat, 16 Jun 2007 02:22:00 GMT</pubDate><guid isPermaLink="false">91d46819-8472-40ad-a661-2c78acb4018c:3323346</guid><dc:creator>Jason Hogg</dc:creator><slash:comments>3</slash:comments><comments>http://blogs.msdn.com/thehoggblog/comments/3323346.aspx</comments><wfw:commentRss>http://blogs.msdn.com/thehoggblog/commentrss.aspx?PostID=3323346</wfw:commentRss><wfw:comment>http://blogs.msdn.com/thehoggblog/rsscomments.aspx?PostID=3323346</wfw:comment><description>&lt;P&gt;I figured I would try to learn F# over this summer - and thought what better way to start than create a couple of SecPAL samples in F#. I thought this might help people that are interested in learning more about &lt;A class="" href="http://research.microsoft.com/fsharp/fsharp.aspx" mce_href="http://research.microsoft.com/fsharp/fsharp.aspx"&gt;F#&lt;/A&gt;, or potentially F# users that are interested in learning more about how &lt;A class="" href="http://blogs.msdn.com/thehoggblog/archive/2007/04/20/secpal-access-control-for-grid-computing-environments.aspx" mce_href="http://blogs.msdn.com/thehoggblog/archive/2007/04/20/secpal-access-control-for-grid-computing-environments.aspx"&gt;SecPAL&lt;/A&gt; can be used for access control scenarios. 
The sample below is a simplified version of our classic multi-domain scenario (see &lt;A class="" href="http://www.gridtoday.com/grid/1546527.html" mce_href="http://www.gridtoday.com/grid/1546527.html"&gt;here &lt;/A&gt;for a complete description). In short we have three parties: A resource guard that is responsible for protecting access to a resource, an STS that is trusted to issue claims about users, and a user that wants to access a file.&lt;/P&gt;
&lt;P mce_keep="true"&gt;In order to support this scenario we have the following assertions:&lt;/P&gt;
&lt;UL&gt;
&lt;LI&gt;
&lt;DIV mce_keep="true"&gt;SecPAL policies&lt;/DIV&gt;&lt;/LI&gt;
&lt;UL&gt;
&lt;LI&gt;
&lt;DIV mce_keep="true"&gt;Resource access policy - &lt;EM&gt;LA &lt;STRONG&gt;says&lt;/STRONG&gt; %p read file://public/ &lt;STRONG&gt;if&lt;/STRONG&gt; %p possesses %a &lt;STRONG&gt;where&lt;/STRONG&gt; %a match &lt;/EM&gt;&lt;A href="mailto:.*@microsoft.com"&gt;&lt;EM&gt;.*@microsoft.com&lt;/EM&gt;&lt;/A&gt; &lt;/DIV&gt;&lt;/LI&gt;
&lt;LI&gt;
&lt;DIV mce_keep="true"&gt;Trust policy - &lt;EM&gt;LA &lt;STRONG&gt;says&lt;/STRONG&gt; STS &lt;STRONG&gt;canSay&lt;/STRONG&gt; %p possesses %a &lt;STRONG&gt;where&lt;/STRONG&gt; %a match &lt;/EM&gt;&lt;A href="mailto:.*@microsoft.com"&gt;&lt;EM&gt;.*@microsoft.com&lt;/EM&gt;&lt;/A&gt;&lt;EM&gt; &lt;/EM&gt;&lt;/DIV&gt;&lt;/LI&gt;&lt;/UL&gt;
&lt;LI&gt;
&lt;DIV mce_keep="true"&gt;SecPAL token&lt;/DIV&gt;&lt;/LI&gt;
&lt;UL&gt;
&lt;LI&gt;
&lt;DIV mce_keep="true"&gt;&lt;EM&gt;STS &lt;STRONG&gt;says&lt;/STRONG&gt; User possesses rfc822Name:&lt;/EM&gt;&lt;A href="mailto:jason@microsoft.com"&gt;&lt;EM&gt;jason@microsoft.com&lt;/EM&gt;&lt;/A&gt;&lt;/DIV&gt;&lt;/LI&gt;&lt;/UL&gt;
&lt;LI&gt;
&lt;DIV mce_keep="true"&gt;SecPAL authorization query&lt;/DIV&gt;&lt;/LI&gt;
&lt;UL&gt;
&lt;LI&gt;
&lt;DIV mce_keep="true"&gt;&lt;EM&gt;LA &lt;STRONG&gt;says&lt;/STRONG&gt; Jason can read &lt;/EM&gt;&lt;A href="file://public/foo.txt"&gt;&lt;EM&gt;file://public/foo.txt&lt;/EM&gt;&lt;/A&gt;&lt;EM&gt;?&lt;/EM&gt;&lt;/DIV&gt;&lt;/LI&gt;&lt;/UL&gt;&lt;/UL&gt;
&lt;P mce_keep="true"&gt;When run the code will output a textual proof graph illustrating exactly what the chain of deductions were that lead to this authorization decision being approved. If you want to use our graphical proof graph viewer take a look at this &lt;A class="" href="http://www.codeplex.com/secpal/Thread/View.aspx?ThreadId=11187" mce_href="http://www.codeplex.com/secpal/Thread/View.aspx?ThreadId=11187"&gt;post&lt;/A&gt;. You will have to add an audit policy but that is really straight forward.&lt;/P&gt;
&lt;P mce_keep="true"&gt;The F# code for this scenario is included below. In the my next few blog posts I will show you how to modify this code to do some extra cool things... In the mean time let me know if you have any questions, or if there are any scenarios you would like me to demonstrate.&lt;/P&gt;
&lt;P mce_keep="true"&gt;Thanks to &lt;A class="" href="http://blogs.msdn.com/dsyme/" mce_href="http://blogs.msdn.com/dsyme/"&gt;Don Syme&lt;/A&gt; and Can Erton of the F-Sharp team for reviewing my code before I released it! &lt;BR&gt;&lt;/P&gt;&lt;PRE&gt;// Title: Simple SecPAL security scenario (F#)
#light
// Update the path below to the folder that contains your SecPAL DLL (The SecPAL .NET implementation is available from &lt;A href="http://research.microsoft.com/projects/secpal"&gt;http://research.microsoft.com/projects/secpal&lt;/A&gt;)
#I "C:\Users\jahogg\Documents\Microsoft SecPal Research Release\Bin"
#r "Microsoft.Research.SecPal.dll"

open Microsoft.Research.SecPal.Authorization 
open System.Security.Cryptography
open System.Collections.Generic
type SecPALAttribute = Microsoft.Research.SecPal.Authorization.Attribute

// Define the users within the simple scenario
let User = KeyHolderPrincipal(new RSACryptoServiceProvider(), "Jason")
let STS = KeyHolderPrincipal(new RSACryptoServiceProvider(), "STS")
let ResourceGuard = LocalAuthorityPrincipal("ResourceGuard") // ResourceGuard == LocalAuthority == LA

// Define Resource Access Policy 
//		LA says %p read file://public/ if %p possesses %a where %a match ".*@microsoft.com" 					
let claims = [Claim(fact=ActionFact(PrincipalVariable("p"),
                                    ActionVerbs.read,
                                    Resource(ResourceType.digitalContent,
                                             System.Uri(@"file://public/"))),
                    condition=PossessFact(PrincipalVariable("p"),
                                          AttributeVariable("a")),
                    constraint=AttributeMatchConstraint("a",AttributeType.rfc822Name, @".*@microsoft\.com"));
              // LA says STS canSay %p possesses %a where %a match ".*@microsoft.com" 					
              Claim(fact=CanSayFact(STS,
                                    fact=PossessFact(PrincipalVariable("p"),
                                                     AttributeVariable("a"))),
                    constraint=AttributeMatchConstraint("a",AttributeType.rfc822Name, @".*@microsoft\.com")) ]

let policy = Policy(PrincipalIssuer(ResourceGuard), claims)
let policies = [ policy ]

// Create a Token to identify our User with 
//		STS says User possesses rfc822Name:"jason@microsoft.com"
let token = Token(issuer=PrincipalIssuer(STS),
                  claims=[ Claim(fact=PossessFact(User, 
                                                  new SecPALAttribute(AttributeType.rfc822Name,@"jason@microsoft.com")))]) 

let tokens = [ token ]

// Create our Authorization Query 
//		LA says Jason can read file://public/foo.txt?

let query = AuthorizationQuery
               (expression=AssertionExpression
                   (assertion=AtomicAssertion
                       (principal=ResourceGuard, 
                        fact=ActionFact(User, ActionVerbs.read, 
                                        Resource(ResourceType.digitalContent, 
                                                 System.Uri(@"file://public/foo.txt"))))))

// Perform our Authorization Query using the Authorization Engine		
let answers = AuthorizationEngine.MakeAuthorizationDecision(ResourceGuard, tokens, policies, query) 
 
// Determine if access was granted
let results = (if (answers.Count &amp;lt; 1) then "Denied" else "Authorized") 

// Print out the results
printf "The result is %s \n" results
printf "Answer count = %i \n\n" answers.Count

// Iterate over the Proofs
for answer in answers do
    // Output variable substitutions
    let subs = answer.Substitution 
    for sub in subs do
        System.Console.WriteLine ("Name " + sub.Key.Name + " = " + sub.Value.ToString());
    // Output proof graphs
    let proofs = answer.ProofGraphs 
    for proof in proofs do
        System.Console.Write("Expression = ")
        System.Console.WriteLine(proof.Expression)
        System.Console.WriteLine("Graph = ")
        System.Console.WriteLine(proof.ProofRoot)

// Press any key to continue (Homer "Where's the any key?")
System.Console.ReadLine()

&lt;/PRE&gt;&lt;img src="http://blogs.msdn.com/aggbug.aspx?PostID=3323346" width="1" height="1"&gt;</description><category domain="http://blogs.msdn.com/thehoggblog/archive/tags/SecPAL/default.aspx">SecPAL</category><category domain="http://blogs.msdn.com/thehoggblog/archive/tags/Web+Service+Security/default.aspx">Web Service Security</category><category domain="http://blogs.msdn.com/thehoggblog/archive/tags/Security/default.aspx">Security</category><category domain="http://blogs.msdn.com/thehoggblog/archive/tags/Grid/default.aspx">Grid</category><category domain="http://blogs.msdn.com/thehoggblog/archive/tags/F_2300_/default.aspx">F#</category></item></channel></rss>