A formal model of access control for mobile interactive devices

Authors:
Frédéric Besson;Guillaume Dufay;Thomas Jensen
Affiliations:
IRISA, Rennes, France;IRISA, Rennes, France;IRISA, Rennes, France
Venue:
ESORICS'06 Proceedings of the 11th European conference on Research in Computer Security
Year:
2006

Citing 10
Cited 6

Proof-carrying code

Proceedings of the 24th ACM SIGPLAN-SIGACT symposium on Principles of programming languages
Stack inspection: theory and variants

POPL '02 Proceedings of the 29th ACM SIGPLAN-SIGACT symposium on Principles of programming languages
Resource usage analysis

POPL '02 Proceedings of the 29th ACM SIGPLAN-SIGACT symposium on Principles of programming languages
Resource access control in systems of mobile agents

Information and Computation
Model checking security properties of control flow graphs

Journal of Computer Security
A Systematic Approach to Static Access Control

ESOP '01 Proceedings of the 10th European Symposium on Programming Languages and Systems
OLD Resolution with Tabulation

Proceedings of the Third International Conference on Logic Programming
The Octagon Abstract Domain

WCRE '01 Proceedings of the Eighth Working Conference on Reverse Engineering (WCRE'01)
Enforcing resource bounds via static verification of dynamic checks

ESOP'05 Proceedings of the 14th European conference on Programming Languages and Systems
History-based access control with local policies

FOSSACS'05 Proceedings of the 8th international conference on Foundations of Software Science and Computation Structures

Safety Guarantees from Explicit Resource Management

Formal Methods for Components and Objects
A Framework for the Analysis of Access Control Models for Interactive Mobile Devices

Types for Proofs and Programs
MOBIUS: mobility, ubiquity, security objectives and progress report

TGC'06 Proceedings of the 2nd international conference on Trustworthy global computing
A formal specification of the MIDP 2.0 security model

FAST'06 Proceedings of the 4th international conference on Formal aspects in security and trust
Extracting control from data: user interfaces of MIDP applications

TGC'07 Proceedings of the 3rd conference on Trustworthy global computing
Verifying resource access control on mobile interactive devices

Journal of Computer Security - 7th International Workshop on Issues in the Theory of Security (WITS'07)

Quantified Score

Hi-index	0.00

Visualization

Abstract

This paper presents an access control model for programming applications in which the access control to resources can employ user interaction to obtain the necessary permissions. This model is inspired by and improves on the Java security architecture used in Java-enabled mobile telephones. We consider access control permissions with multiplicities in order to allow to use a permission a certain number of times. An operational semantics of the model and a formal definition of what it means for an application to respect the security model is given. A static analysis which enforces the security model is defined and proved correct. A constraint solving algorithm implementing the analysis is presented.