Checking risky events is enough for local policies

Authors:
Massimo Bartoletti;Pierpaolo Degano;Gian Luigi Ferrari
Affiliations:
Dipartimento di Informatica, Università di Pisa, Italy;Dipartimento di Informatica, Università di Pisa, Italy;Dipartimento di Informatica, Università di Pisa, Italy
Venue:
ICTCS'05 Proceedings of the 9th Italian conference on Theoretical Computer Science
Year:
2005

Citing 12
Cited 5

Proof-carrying code

Proceedings of the 24th ACM SIGPLAN-SIGACT symposium on Principles of programming languages
Enforcing trace properties by program transformation

Proceedings of the 27th ACM SIGPLAN-SIGACT symposium on Principles of programming languages
A type system for expressive security policies

Proceedings of the 27th ACM SIGPLAN-SIGACT symposium on Principles of programming languages
Enforceable security policies

ACM Transactions on Information and System Security (TISSEC)
History-based access control for mobile code

Secure Internet programming
Resource usage analysis

POPL '02 Proceedings of the 29th ACM SIGPLAN-SIGACT symposium on Principles of programming languages
Stack inspection: Theory and variants

ACM Transactions on Programming Languages and Systems (TOPLAS)
On the Expressivity of the Modal Mu-Calculus

STACS '96 Proceedings of the 13th Annual Symposium on Theoretical Aspects of Computer Science
On the Decidability of Model Checking for Several µ-calculi and Petri Nets

CAAP '94 Proceedings of the 19th International Colloquium on Trees in Algebra and Programming
Secure composition of untrusted code: box π, wrappers, and causality types

Journal of Computer Security - CSFW13
Enforcing Secure Service Composition

CSFW '05 Proceedings of the 18th IEEE workshop on Computer Security Foundations
History-based access control with local policies

FOSSACS'05 Proceedings of the 8th international conference on Foundations of Software Science and Computation Structures

Local policies for resource usage analysis

ACM Transactions on Programming Languages and Systems (TOPLAS)
Types and Effects for resource usage analysis

FOSSACS'07 Proceedings of the 10th international conference on Foundations of software science and computational structures
Call-by-contract for service discovery, orchestration and recovery

Rigorous software engineering for service-oriented systems
From qualitative to quantitative enforcement of security policy

MMM-ACNS'12 Proceedings of the 6th international conference on Mathematical Methods, Models and Architectures for Computer Network Security: computer network security
A framework for automatic generation of security controller

Software Testing, Verification & Reliability

Quantified Score

Hi-index	0.00

Visualization

Abstract

An extension of the λ-calculus is proposed to study history-based access control. It allows for parametrized security policies with a possibly nested, local scope. To govern the rich interplay between local policies, we propose a combination of static analysis and dynamic checking. A type and effect system extracts from programs a correct approximation to the histories obtainable at run-time. A further static analysis over these approximations determines how to instrument code so to enforce the desired security constraints. The execution monitor, based on finite-state automata, runs efficiently the instrumented code.