A calculus for access control in distributed systems
ACM Transactions on Programming Languages and Systems (TOPLAS)
CCS '99 Proceedings of the 6th ACM conference on Computer and communications security
Binder, a Logic-Based Security Language
SP '02 Proceedings of the 2002 IEEE Symposium on Security and Privacy
Access control for the web via proof-carrying authorization
Access control for the web via proof-carrying authorization
Conference record of the 33rd ACM SIGPLAN-SIGACT symposium on Principles of programming languages
Secrecy by Typing and File-Access Control
CSFW '06 Proceedings of the 19th IEEE workshop on Computer Security Foundations
Non-Interference in Constructive Authorization Logic
CSFW '06 Proceedings of the 19th IEEE workshop on Computer Security Foundations
Access Control in a Core Calculus of Dependency
Electronic Notes in Theoretical Computer Science (ENTCS)
Design and Semantics of a Decentralized Authorization Language
CSF '07 Proceedings of the 20th IEEE Computer Security Foundations Symposium
A Type Discipline for Authorization in Distributed Systems
CSF '07 Proceedings of the 20th IEEE Computer Security Foundations Symposium
A type system for data-flow integrity on windows vista
Proceedings of the third ACM SIGPLAN workshop on Programming languages and analysis for security
Refinement Types for Secure Implementations
CSF '08 Proceedings of the 2008 21st IEEE Computer Security Foundations Symposium
AURA: a programming language for authorization and audit
Proceedings of the 13th ACM SIGPLAN international conference on Functional programming
Device-enabled authorization in the grey system
ISC'05 Proceedings of the 8th international conference on Information Security
Distributed programming with distributed authorization
Proceedings of the 5th ACM SIGPLAN workshop on Types in language design and implementation
Security-typed programming within dependently typed programming
Proceedings of the 15th ACM SIGPLAN international conference on Functional programming
Privacy-aware proof-carrying authorization
Proceedings of the ACM SIGPLAN 6th Workshop on Programming Languages and Analysis for Security
Dependent Type Theory for Verification of Information Flow and Access Control Policies
ACM Transactions on Programming Languages and Systems (TOPLAS)
| Hi-index | 0.00 |
By shifting the burden of proofs to the user, a proof-carrying authorization (PCA) system can automatically enforce complex access control policies. Unfortunately, managing those proofs can be a daunting task for the user. In this paper we develop a Bash-like language, PCAL, that can automate correct and efficient use of a PCA interface. Given a PCAL script, the PCAL compiler tries to statically construct the proofs required for executing the commands in the script, while re-using proofs to the extent possible and rewriting the script to construct the remaining proofs dynamically. We obtain a formal guarantee that if the policy does not change between compile time and run time, then the compiled script cannot fail due to access checks at run time.