Journal of Symbolic Computation
A lattice model of secure information flow
Communications of the ACM
Static analysis in datalog extensions
Journal of the ACM (JACM)
Principles of Database and Knowledge-Base Systems: Volume II: The New Technologies
Principles of Database and Knowledge-Base Systems: Volume II: The New Technologies
ACM SIGOPS Operating Systems Review
On protection in operating systems
SOSP '75 Proceedings of the fifth ACM symposium on Operating systems principles
An Efficient Cryptographic Protocol Verifier Based on Prolog Rules
CSFW '01 Proceedings of the 14th IEEE workshop on Computer Security Foundations
CSFW '01 Proceedings of the 14th IEEE workshop on Computer Security Foundations
Labels and event processes in the asbestos operating system
Proceedings of the twentieth ACM symposium on Operating systems principles
NETRA:: seeing through access control
Proceedings of the fourth ACM workshop on Formal methods in security
Design and Semantics of a Decentralized Authorization Language
CSF '07 Proceedings of the 20th IEEE Computer Security Foundations Symposium
Efficient policy analysis for administrative role based access control
Proceedings of the 14th ACM conference on Computer and communications security
A type system for data-flow integrity on windows vista
Proceedings of the third ACM SIGPLAN workshop on Programming languages and analysis for security
EON: modeling and analyzing dynamic access control systems with logic programs
Proceedings of the 15th ACM conference on Computer and communications security
Specifying and reasoning about dynamic access-control policies
IJCAR'06 Proceedings of the Third international joint conference on Automated Reasoning
EON: modeling and analyzing dynamic access control systems with logic programs
Proceedings of the 15th ACM conference on Computer and communications security
Verifying Information Flow Control over Unbounded Processes
FM '09 Proceedings of the 2nd World Congress on Formal Methods
Towards analyzing complex operating system access control configurations
Proceedings of the 15th ACM symposium on Access control models and technologies
The home needs an operating system (and an app store)
Hotnets-IX Proceedings of the 9th ACM SIGCOMM Workshop on Hot Topics in Networks
Analyzing explicit information flow
ICISS'10 Proceedings of the 6th international conference on Information systems security
SEAL: a logic programming framework for specifying and verifying access control models
Proceedings of the 16th ACM symposium on Access control models and technologies
Poster: towards formal verification of DIFC policies
Proceedings of the 18th ACM conference on Computer and communications security
An operating system for the home
NSDI'12 Proceedings of the 9th USENIX conference on Networked Systems Design and Implementation
| Hi-index | 0.00 |
We present EON, a logic-programming language and tool that can be used to model and analyze dynamic access control systems. Our language extends Datalog with some carefully designed constructs that allow the introduction and transformation of new relations. For example, these constructs can model the creation of processes and objects, and the modification of their security labels at runtime. The information-flow properties of such systems can be analyzed by asking queries in this language. We show that query evaluation in EON can be reduced to decidable query satisfiability in a fragment of Datalog, and further, under some restrictions, to efficient query evaluation in Datalog. We implement these reductions in our tool, and demonstrate its scope through several case studies. In particular, we study in detail the dynamic access control models of the Windows Vista and Asbestos operating systems. We also automatically prove the security of a webserver running on Asbestos.