Verified enforcement of stateful information release policies. Proceedings of the third ACM SIGPLAN workshop on Programming languages and analysis for security.
AURA: a programming language for authorization and audit. Proceedings of the 13th ACM SIGPLAN international conference on Functional programming.
ESORICS '08 Proceedings of the 13th European Symposium on Research in Computer Security: Computer Security.
Verified enforcement of stateful information release policies. ACM SIGPLAN Notices.
Encoding information flow in Aura. Proceedings of the ACM SIGPLAN Fourth Workshop on Programming Languages and Analysis for Security.
Encoding information flow in AURA. ACM SIGPLAN Notices.
Distributed programming with distributed authorization. Proceedings of the 5th ACM SIGPLAN workshop on Types in language design and implementation.
A logic for authorization provenance. ASIACCS '10 Proceedings of the 5th ACM Symposium on Information, Computer and Communications Security.
Type-preserving compilation of end-to-end verification of security enforcement. PLDI '10 Proceedings of the 2010 ACM SIGPLAN conference on Programming language design and implementation.
Towards a theory of accountability and audit. ESORICS'09 Proceedings of the 14th European conference on Research in computer security.
Reliable evidence: auditability by typing. ESORICS'09 Proceedings of the 14th European conference on Research in computer security.
Security-typed programming within dependently typed programming. Proceedings of the 15th ACM SIGPLAN international conference on Functional programming.
Refinement types for secure implementations. ACM Transactions on Programming Languages and Systems (TOPLAS).
The Foundations for Provenance on the Web. Foundations and Trends in Web Science.
A provenance-based compliance framework. FIS'10 Proceedings of the Third future internet conference on Future internet.
AuraConf: a unified approach to authorization and confidentiality. Proceedings of the 7th ACM SIGPLAN workshop on Types in language design and implementation.
Secure distributed programming with value-dependent types. Proceedings of the 16th ACM SIGPLAN international conference on Functional programming.
Tracing where and who provenance in Linked Data: A calculus. Theoretical Computer Science.
DKAL*: constructing executable specifications of authorization protocols. ESSoS'13 Proceedings of the 5th international conference on Engineering Secure Software and Systems.
Noninterference in a predicative polymorphic calculus for access control. Computer Languages, Systems and Structures.
IJCAI'13 Proceedings of the Twenty-Third international joint conference on Artificial Intelligence.
Toward strong, usable access control for shared distributed data. FAST'14 Proceedings of the 12th USENIX conference on File and Storage Technologies.
A core calculus for provenance. Journal of Computer Security - Security and Trust Principles.
Authorization logics provide a principled and flexible approach to specifying access control policies. One of their compelling benefits is that a proof in the logic is evidence that an access-control decision was made in accordance with policy. Using such proofs for auditing reduces the trusted computing base and makes it possible to detect flaws in complex authorization policies. Moreover, the proof structure is itself useful, because proof normalization can reveal which policy statements were actually relevant to a decision. Untrusted but well-typed applications that access resources only through an appropriate interface must obey the access control policy and must produce proofs that are useful for audit. This paper presents AURA₀, an authorization logic based on a dependently-typed variant of DCC (the Dependency Core Calculus), and proves the metatheoretic properties of subject reduction and normalization. It demonstrates the utility of proof-based auditing in a number of examples and discusses several pragmatic issues that must be addressed in this context.
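The abstract's central idea, that the access-control decision consists of checking a proof which is then kept as audit evidence, can be seen in miniature in the following added example. It is not the paper's code and not AURA₀: it uses a deliberately small DCC-style logic (atoms, implication and a `says` modality with the monadic unit and bind rules), and the principals `Admin` and `HR`, the policy statement names, and the functions `check`, `guard` and `audit` are all made up for the illustration. The untrusted application constructs the proof term; the guard only checks it against the requested goal and records which policy statements the proof cites; the auditor later re-checks the logged proof with the same checker, so the checker is the only component that has to be trusted.

```python
"""Added example, not code from the paper: a tiny DCC-style authorization logic
whose trusted proof checker grants access and logs the proof for later audit.
Principals, policy statements and resources are constructed for the example."""
from dataclasses import dataclass
# Formulas.  dataclass equality is class-aware, so a Says never equals an Implies.
@dataclass(frozen=True)
class Atom:       # e.g. "MayRead(alice, report)"
    name: str
@dataclass(frozen=True)
class Implies:
    ante: object
    cons: object
@dataclass(frozen=True)
class Says:       # the "P says F" modality
    principal: str
    body: object

# Proof terms, built by the untrusted application and checked by the guard.
@dataclass(frozen=True)
class Assume:     # cite a policy statement by name
    name: str
@dataclass(frozen=True)
class Hyp:        # use a hypothesis bound by an enclosing Bind
    var: str
@dataclass(frozen=True)
class ImpE:       # modus ponens
    imp: object
    arg: object
@dataclass(frozen=True)
class Ret:        # from F conclude P says F
    principal: str
    proof: object
@dataclass(frozen=True)
class Bind:       # from P says F and x:F |- P says G, conclude P says G
    says: object
    var: str
    body: object

class ProofError(Exception): pass

def check(policy, proof, ctx, used):
    """Trusted checker: the formula `proof` proves; `used` collects the policy statements cited."""
    if isinstance(proof, Assume):
        if proof.name not in policy:
            raise ProofError(f"unknown policy statement {proof.name}")
        used.add(proof.name)
        return policy[proof.name]
    if isinstance(proof, Hyp):
        if proof.var not in ctx:
            raise ProofError(f"hypothesis {proof.var} not in scope")
        return ctx[proof.var]
    if isinstance(proof, ImpE):
        f, a = check(policy, proof.imp, ctx, used), check(policy, proof.arg, ctx, used)
        if not isinstance(f, Implies) or f.ante != a:
            raise ProofError("modus ponens on mismatched formulas")
        return f.cons
    if isinstance(proof, Ret):
        return Says(proof.principal, check(policy, proof.proof, ctx, used))
    if isinstance(proof, Bind):
        s = check(policy, proof.says, ctx, used)
        if not isinstance(s, Says):
            raise ProofError("bind needs a 'says' formula")
        g = check(policy, proof.body, {**ctx, proof.var: s.body}, used)
        if not isinstance(g, Says) or g.principal != s.principal:
            raise ProofError("bind body must be said by the same principal")
        return g
    raise ProofError("malformed proof term")

def guard(policy, proof, goal):
    """Reference monitor: grant only if the proof establishes exactly `goal`; return the audit record."""
    used = set()
    proved = check(policy, proof, {}, used)
    if proved != goal:
        raise ProofError(f"proof establishes {proved}, not {goal}")
    return {"goal": goal, "proof": proof, "relevant": frozenset(used)}

def audit(policy, record):
    """Auditor: re-check the logged proof; only the checker has to be trusted."""
    return guard(policy, record["proof"], record["goal"])["relevant"]

# Constructed policy: Admin delegates the question of who is an employee to HR.
EMP, READ = Atom("Employee(alice)"), Atom("MayRead(alice, report)")
POLICY = {
    "hr_statement": Says("HR", EMP),
    "trust_hr":     Says("Admin", Implies(Says("HR", EMP), EMP)),
    "admin_policy": Says("Admin", Implies(EMP, READ)),
    "legacy_grant": Says("Admin", READ),   # stale blanket grant still on file
}
GOAL = Says("Admin", READ)
# A derivation through the delegation chain, and one that merely cites the stale grant.
GOOD_PROOF = Bind(Assume("trust_hr"), "y", Bind(Assume("admin_policy"), "z",
             Ret("Admin", ImpE(Hyp("z"), ImpE(Hyp("y"), Assume("hr_statement"))))))
LAZY_PROOF = Assume("legacy_grant")
# HR's word passed off as Admin's without a delegation: the checker must reject this.
FORGED_PROOF = Bind(Assume("hr_statement"), "x", Ret("Admin", Hyp("x")))

def demo():
    good = sorted(audit(POLICY, guard(POLICY, GOOD_PROOF, GOAL)))
    lazy = sorted(audit(POLICY, guard(POLICY, LAZY_PROOF, GOAL)))
    return good, lazy
```

`demo()` returns `(['admin_policy', 'hr_statement', 'trust_hr'], ['legacy_grant'])`: both proofs grant the same access, but the audit trail shows that the second rests entirely on a stale blanket grant, which is the kind of policy flaw the abstract says proof-based auditing surfaces. The checker rejects `FORGED_PROOF`, which restates HR's claim in Admin's voice without any delegation, because Bind requires the body's conclusion to be said by the same principal as the premise. The relevance information here is just the set of `Assume` leaves; the paper's use of proof normalization is more discriminating, since a normalized proof contains no detours and so a statement cited only in a redundant sub-derivation drops out.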