Secrecy by typing in security protocols. Journal of the ACM (JACM).
Audit-based compliance control. International Journal of Information Security.
A posteriori compliance control. Proceedings of the 12th ACM Symposium on Access Control Models and Technologies.
A Type Discipline for Authorization in Distributed Systems. CSF '07: Proceedings of the 20th IEEE Computer Security Foundations Symposium.
Introducing secure provenance: problems and challenges. Proceedings of the 2007 ACM Workshop on Storage Security and Survivability.
Refinement Types for Secure Implementations. CSF '08: Proceedings of the 2008 21st IEEE Computer Security Foundations Symposium.
AURA: a programming language for authorization and audit. Proceedings of the 13th ACM SIGPLAN International Conference on Functional Programming.
A formal implementation of value commitment. ESOP'08/ETAPS'08: Proceedings of the 17th European Conference on Programming Languages and Systems.
An intensive survey of fair non-repudiation protocols. Computer Communications.
Accountability: definition and relationship to verifiability. Proceedings of the 17th ACM Conference on Computer and Communications Security.
Refinement types for secure implementations. ACM Transactions on Programming Languages and Systems (TOPLAS).
Typechecking higher-order security libraries. APLAS'10: Proceedings of the 8th Asian Conference on Programming Languages and Systems.
Cryptographic verification by typing for a sample protocol implementation. Foundations of Security Analysis and Design VI.
Secure distributed programming with value-dependent types. Proceedings of the 16th ACM SIGPLAN International Conference on Functional Programming.
A core calculus for provenance. POST'12: Proceedings of the First International Conference on Principles of Security and Trust.
A core calculus for provenance. Journal of Computer Security: Security and Trust Principles.
Many protocols rely on audit trails to allow an impartial judge to verify a posteriori some property of a protocol run. However, in current practice the choice of what data to log is left to the programmer's intuition, and there is no guarantee that it constitutes enough evidence. We give a precise definition of auditability and we show how typechecking can be used to statically verify that a protocol always logs enough evidence. We apply our approach to several examples, including a full-scale auction-like protocol programmed in ML.