The SLam calculus: programming with secrecy and integrity
POPL '98 Proceedings of the 25th ACM SIGPLAN-SIGACT symposium on Principles of programming languages
JFlow: practical mostly-static information flow control
Proceedings of the 26th ACM SIGPLAN-SIGACT symposium on Principles of programming languages
Inside Java 2 platform security architecture, API design, and implementation
A sound type system for secure flow analysis
Journal of Computer Security
Certification of programs for secure information flow
Communications of the ACM
Compiling for the .Net Common Language Runtime
Stack inspection: Theory and variants
ACM Transactions on Programming Languages and Systems (TOPLAS)
Secure Information Flow and Pointer Confinement in a Java-like Language
CSFW '02 Proceedings of the 15th IEEE workshop on Computer Security Foundations
An effective theory of type refinements
ICFP '03 Proceedings of the eighth ACM SIGPLAN international conference on Functional programming
Stack-based access control and secure information flow
Journal of Functional Programming
ACM Transactions on Programming Languages and Systems (TOPLAS)
Language-based information-flow security
IEEE Journal on Selected Areas in Communications
Policy framings for access control
WITS '05 Proceedings of the 2005 workshop on Issues in the theory of security
A simple and expressive semantic framework for policy composition in access control
Proceedings of the 2007 ACM workshop on Formal methods in security engineering
Foundations of security analysis and design IV
Automatic generation of history-based access control from information flow specification
ATVA'10 Proceedings of the 8th international conference on Automated technology for verification and analysis
Call-by-contract for service discovery, orchestration and recovery
Rigorous software engineering for service-oriented systems
History-based access control with local policies
FOSSACS'05 Proceedings of the 8th international conference on Foundations of Software Science and Computation Structures
HBAC: a model for history-based access control and its model checking
ESORICS'06 Proceedings of the 11th European conference on Research in Computer Security
ESOP'10 Proceedings of the 19th European conference on Programming Languages and Systems
Mobi-CoSWAC: an access control approach for collaborative scientific workflow in mobile environment
ICPCA/SWS'12 Proceedings of the 2012 international conference on Pervasive Computing and the Networked World
An HBAC-based approximation for IBAC programs
Proceedings of the 6th International Conference on Security of Information and Networks
Runtime verification using policy-based approach to control information flow
International Journal of Security and Networks
Intuitionistic Hypothetical Logic of Proofs
Electronic Notes in Theoretical Computer Science (ENTCS)
This paper addresses the problem of static checking of programs to ensure that they satisfy confidentiality policies in the presence of dynamic access control in the form of Abadi and Fournet's history-based access control mechanism. The Java virtual machine's permission-based stack inspection mechanism provides dynamic access control and is useful in protecting trusted callees from untrusted callers. In contrast, history-based access control provides a stateful view of permissions: permissions after execution are at most the permissions before execution. This allows protection of both callers and callees. The main contributions of this paper are to provide a semantics for history-based access control and a static analysis for confidentiality that takes history-based access control into account. The static analysis is a type and effects analysis where the chief novelty is the use of security types dependent on permission state. We also show that in contrast to stack inspection, confidential information can be leaked by the history-based access control mechanism itself. The analysis ensures a noninterference property formalizing confidentiality.