Proceedings of the 24th ACM SIGPLAN-SIGACT symposium on Principles of programming languages
Stack inspection: theory and variants
POPL '02 Proceedings of the 29th ACM SIGPLAN-SIGACT symposium on Principles of programming languages
POPL '02 Proceedings of the 29th ACM SIGPLAN-SIGACT symposium on Principles of programming languages
Resource access control in systems of mobile agents
Information and Computation
Model checking security properties of control flow graphs
Journal of Computer Security
A Systematic Approach to Static Access Control
ESOP '01 Proceedings of the 10th European Symposium on Programming Languages and Systems
OLD Resolution with Tabulation
Proceedings of the Third International Conference on Logic Programming
WCRE '01 Proceedings of the Eighth Working Conference on Reverse Engineering (WCRE'01)
Enforcing resource bounds via static verification of dynamic checks
ESOP'05 Proceedings of the 14th European conference on Programming Languages and Systems
History-based access control with local policies
FOSSACS'05 Proceedings of the 8th international conference on Foundations of Software Science and Computation Structures
Safety Guarantees from Explicit Resource Management
Formal Methods for Components and Objects
A Framework for the Analysis of Access Control Models for Interactive Mobile Devices
Types for Proofs and Programs
MOBIUS: mobility, ubiquity, security objectives and progress report
TGC'06 Proceedings of the 2nd international conference on Trustworthy global computing
A formal specification of the MIDP 2.0 security model
FAST'06 Proceedings of the 4th international conference on Formal aspects in security and trust
Extracting control from data: user interfaces of MIDP applications
TGC'07 Proceedings of the 3rd conference on Trustworthy global computing
Verifying resource access control on mobile interactive devices
Journal of Computer Security - 7th International Workshop on Issues in the Theory of Security (WITS'07)
Hi-index | 0.00 |
This paper presents an access control model for programming applications in which the access control to resources can employ user interaction to obtain the necessary permissions. This model is inspired by and improves on the Java security architecture used in Java-enabled mobile telephones. We consider access control permissions with multiplicities in order to allow to use a permission a certain number of times. An operational semantics of the model and a formal definition of what it means for an application to respect the security model is given. A static analysis which enforces the security model is defined and proved correct. A constraint solving algorithm implementing the analysis is presented.