We present SEAL, a language for specification and analysis of safety properties for label-based access control systems. A SEAL program represents a possibly infinite-state non-deterministic transition system describing the dynamic behavior of entities and their relevant access control operations. The features of our language are derived directly from the need to model new access control features arising from state-of-the-art models in Windows 7, Asbestos, HiStar and others. We show that the reachability problem for this class of models is undecidable even for simple SEAL programs, but a bounded model-checking algorithm is able to validate interesting properties and discover relevant attacks.