This paper proposes a method for automatically inserting check statements for access control into a given recursive program according to a given security specification. History-based access control (HBAC) is assumed as the access control model. A security specification is given in terms of information flow. We say that a program π satisfies a specification Γ if π is type-safe when we consider each security class in Γ as a type. We first define the problem as that of inserting check statements into a given program π to obtain a program π′ that is type-safe for a given specification Γ. This type system is sound in the sense that if a program π is type-safe for a specification Γ, then π has the noninterference property for Γ. Next, the problem is shown to be co-NP-hard, and we propose an algorithm for solving it. The paper also reports experimental results based on our implemented system and shows that the proposed method can work within reasonable time.