Distributed systems and applications are often expected to enforce high-level authorization policies. To this end, the code for these systems relies on lower-level security mechanisms such as digital signatures, local ACLs, and encrypted communications. In principle, authorization specifications can be separated from code and carefully audited. Logic programs, in particular, can express policies in a simple, abstract manner. For a given authorization policy, we consider the problem of checking whether a cryptographic implementation complies with the policy. We formalize authorization policies by embedding logical predicates and queries within a spi calculus. This embedding is new, simple, and general; it allows us to treat logic programs as specifications of code using secure channels, cryptography, or a combination. Moreover, we propose a new dependent type system for verifying such implementations against their policies. Using Datalog as an authorization logic, we show how to type several examples using policies and present a general schema for compiling policies.