Authentication in distributed systems: theory and practice
SOSP '91 Proceedings of the thirteenth ACM symposium on Operating systems principles
Role-Based Access Control Models
Computer
A decentralized model for information flow control
Proceedings of the sixteenth ACM symposium on Operating systems principles
Role templates for content-based access control
RBAC '97 Proceedings of the second ACM workshop on Role-based access control
JFlow: practical mostly-static information flow control
Proceedings of the 26th ACM SIGPLAN-SIGACT symposium on Principles of programming languages
Equivalences Among Relational Expressions with the Union and Difference Operators
Journal of the ACM (JACM)
A lattice model of secure information flow
Communications of the ACM
Securing context-aware applications using environment roles
SACMAT '01 Proceedings of the sixth ACM symposium on Access control models and technologies
Proposed NIST standard for role-based access control
ACM Transactions on Information and System Security (TISSEC)
Principles of Database and Knowledge-Base Systems: Volume II: The New Technologies
Principles of Database and Knowledge-Base Systems: Volume II: The New Technologies
A Per Model of Secure Information Flow in Sequential Programs
Higher-Order and Symbolic Computation
What You Always Wanted to Know About Datalog (And Never Dared to Ask)
IEEE Transactions on Knowledge and Data Engineering
Optimal implementation of conjunctive queries in relational data bases
STOC '77 Proceedings of the ninth annual ACM symposium on Theory of computing
Policy Contexts: Controlling Information Flow in Parameterised RBAC
POLICY '03 Proceedings of the 4th IEEE International Workshop on Policies for Distributed Systems and Networks
Design of a Role-Based Trust-Management Framework
SP '02 Proceedings of the 2002 IEEE Symposium on Security and Privacy
Binder, a Logic-Based Security Language
SP '02 Proceedings of the 2002 IEEE Symposium on Security and Privacy
SD3: A Trust Management System with Certified Evaluation
SP '01 Proceedings of the 2001 IEEE Symposium on Security and Privacy
Abstract non-interference: parameterizing non-interference by abstract interpretation
Proceedings of the 31st ACM SIGPLAN-SIGACT symposium on Principles of programming languages
Dimensions and Principles of Declassification
CSFW '05 Proceedings of the 18th IEEE workshop on Computer Security Foundations
Managing Policy Updates in Security-Typed Languages
CSFW '06 Proceedings of the 19th IEEE workshop on Computer Security Foundations
Dynamic security labels and static information flow control
International Journal of Information Security
Gradual Release: Unifying Declassification, Encryption and Key Release Policies
SP '07 Proceedings of the 2007 IEEE Symposium on Security and Privacy
Design and Semantics of a Decentralized Authorization Language
CSF '07 Proceedings of the 20th IEEE Computer Security Foundations Symposium
A Trust Management Approach for Flexible Policy Management in Security-Typed Languages
CSF '08 Proceedings of the 2008 21st IEEE Computer Security Foundations Symposium
Expressive Declassification Policies and Modular Static Enforcement
SP '08 Proceedings of the 2008 IEEE Symposium on Security and Privacy
Fable: A Language for Enforcing User-defined Security Policies
SP '08 Proceedings of the 2008 IEEE Symposium on Security and Privacy
Flow-sensitive semantics for dynamic information flow policies
Proceedings of the ACM SIGPLAN Fourth Workshop on Programming Languages and Analysis for Security
Specifying and reasoning about dynamic access-control policies
IJCAR'06 Proceedings of the Third international joint conference on Automated Reasoning
Flow locks: towards a core calculus for dynamic flow policies
ESOP'06 Proceedings of the 15th European conference on Programming Languages and Systems
Restricted delegation and revocation in language-based security: (position paper)
PLAS '10 Proceedings of the 5th ACM SIGPLAN Workshop on Programming Languages and Analysis for Security
ESORICS'11 Proceedings of the 16th European conference on Research in computer security
Stateful authorization logic: proof theory and a case study
STM'10 Proceedings of the 6th international conference on Security and trust management
Decentralized delimited release
APLAS'11 Proceedings of the 9th Asian conference on Programming Languages and Systems
Runtime enforcement of information flow security in tree manipulating processes
ESSoS'12 Proceedings of the 4th international conference on Engineering Secure Software and Systems
Model checking information flow in reactive systems
VMCAI'12 Proceedings of the 13th international conference on Verification, Model Checking, and Abstract Interpretation
NordSec'11 Proceedings of the 16th Nordic conference on Information Security Technology for Applications
Scheduler-Independent declassification
MPC'12 Proceedings of the 11th international conference on Mathematics of Program Construction
An information flow control meta-model
Proceedings of the 18th ACM symposium on Access control models and technologies
Dependent Type Theory for Verification of Information Flow and Access Control Policies
ACM Transactions on Programming Languages and Systems (TOPLAS)
Encoding secure information flow with restricted delegation and revocation in Haskell
Proceedings of the 1st annual workshop on Functional programming concepts in domain-specific languages
Relational abstract interpretation for the verification of 2-hypersafety properties
Proceedings of the 2013 ACM SIGSAC conference on Computer & communications security
Stateful authorization logic --Proof theory and a case study
Journal of Computer Security - STM'10
Journal of Computer Security - CSF 2010
| Hi-index | 0.00 |
This paper presents Paralocks, a language for building expressive but statically verifiable fine-grained information flow policies. Paralocks combine the expressive power of Flow Locks (Broberg & Sands, ESOP'06) with the ability to express policies involving run-time principles, roles (in the style of role-based access control), and relations (such as "acts-for" in discretionary access control). We illustrate the Paralocks policy language by giving a simple encoding of Myers and Liskov's Decentralized Label Model (DLM). Furthermore - and unlike the DLM - we provide an information flow semantics for full Paralock policies. Lastly we illustrate how Paralocks can be statically verified by providing a simple programming language incorporating Paralock policy specifications, and a static type system which soundly enforces information flow security according to the Paralock semantics.