A type system for access control views in object-oriented languages

Authors:
Mário Pires;Luís Caires
Affiliations:
CITI and Faculdade de Ciência e Tecnologias, Universidade Nova de Lisboa;CITI and Faculdade de Ciência e Tecnologias, Universidade Nova de Lisboa
Venue:
ARSPA-WITS'10 Proceedings of the 2010 joint conference on Automated reasoning for security protocol analysis and issues in the theory of security
Year:
2010

Citing 17
Cited 0

A calculus for access control in distributed systems

ACM Transactions on Programming Languages and Systems (TOPLAS)
A syntactic approach to type soundness

Information and Computation
Secrecy by typing in security protocols

Journal of the ACM (JACM)
Language-Based Security

MFCS '99 Proceedings of the 24th International Symposium on Mathematical Foundations of Computer Science
Types for Dynamic Interaction

CONCUR '93 Proceedings of the 4th International Conference on Concurrency Theory
A Language-Based Approach to Security

Informatics - 10 Years Back. 10 Years Ahead.
Logic in Access Control

LICS '03 Proceedings of the 18th Annual IEEE Symposium on Logic in Computer Science
The UCONABC usage control model

ACM Transactions on Information and System Security (TISSEC)
Java(TM) Language Specification, The (3rd Edition) (Java (Addison-Wesley))

Java(TM) Language Specification, The (3rd Edition) (Java (Addison-Wesley))
Refinement Types for Secure Implementations

CSF '08 Proceedings of the 2008 21st IEEE Computer Security Foundations Symposium
Fable: A Language for Enforcing User-defined Security Policies

SP '08 Proceedings of the 2008 IEEE Symposium on Security and Privacy
AURA: a programming language for authorization and audit

Proceedings of the 13th ACM SIGPLAN international conference on Functional programming
Objects and session types

Information and Computation
Types and Effects for resource usage analysis

FOSSACS'07 Proceedings of the 10th international conference on Foundations of software science and computational structures
A type discipline for authorization policies

ESOP'05 Proceedings of the 14th European conference on Programming Languages and Systems
History-based access control with local policies

FOSSACS'05 Proceedings of the 8th international conference on Foundations of Software Science and Computation Structures
Session types for object-oriented languages

ECOOP'06 Proceedings of the 20th European conference on Object-Oriented Programming

Quantified Score

Hi-index	0.00

Visualization

Abstract

Access control to objects in common object-oriented languages is statically verified but cannot be changed at run-time. However, dynamic authorization is required by most applications and it would be desirable to check more flexible access control policies also statically, at least partially. In this work, we introduce a model where "views" to object references represent the current access control policy of a principal for a given object, and first class authorizations support dynamic modification of those policies. To demonstrate our concepts, we have developed a core language, equipped with a provably correct type and effect system capable of detecting unauthorized method calls at compile-time, and defined and implemented a typechecking algorithm.