Journal of the ACM (JACM)
ACM Transactions on Information and System Security (TISSEC)
The role-based access control system of a European bank: a case study and discussion
SACMAT '01 Proceedings of the sixth ACM symposium on Access control models and technologies
An efficient security verification method for programs with stack inspection
CCS '01 Proceedings of the 8th ACM conference on Computer and Communications Security
Introduction to Automata Theory, Languages and Computability
Introduction to Automata Theory, Languages and Computability
Introduction to Algorithms
Model-Checking LTL with Regular Valuations for Pushdown Systems
TACS '01 Proceedings of the 4th International Symposium on Theoretical Aspects of Computer Software
A Specification Language for Distributed Policy Control
ICICS '02 Proceedings of the 4th International Conference on Information and Communications Security
A Type-Based Approach to Program Security
TAPSOFT '97 Proceedings of the 7th International Joint Conference CAAP/FASE on Theory and Practice of Software Development
Efficient Algorithms for Model Checking Pushdown Systems
CAV '00 Proceedings of the 12th International Conference on Computer Aided Verification
A BDD-Based Model Checker for Recursive Programs
CAV '01 Proceedings of the 13th International Conference on Computer Aided Verification
IRM Enforcement of Java Stack Inspection
SP '00 Proceedings of the 2000 IEEE Symposium on Security and Privacy
Enforcing Secure Service Composition
CSFW '05 Proceedings of the 18th IEEE workshop on Computer Security Foundations
USITS'97 Proceedings of the USENIX Symposium on Internet Technologies and Systems on USENIX Symposium on Internet Technologies and Systems
History-based access control and secure information flow
CASSIS'04 Proceedings of the 2004 international conference on Construction and Analysis of Safe, Secure, and Interoperable Smart Devices
History-based access control with local policies
FOSSACS'05 Proceedings of the 8th international conference on Foundations of Software Science and Computation Structures
Efficient IRM enforcement of history-based access control policies
Proceedings of the 4th International Symposium on Information, Computer, and Communications Security
Trustworthy Global Computing
Local policies for resource usage analysis
ACM Transactions on Programming Languages and Systems (TOPLAS)
Automatic generation of history-based access control from information flow specification
ATVA'10 Proceedings of the 8th international conference on Automated technology for verification and analysis
Higher-order program verification and language-based security
ASIAN'09 Proceedings of the 13th Asian conference on Advances in Computer Science: information Security and Privacy
| Hi-index | 0.00 |
Stack inspection is now broadly used as dynamic access control infrastructure in such runtime environments as Java virtual machines and Common Language Runtime. However, stack inspection is not sufficient for security assurance since the stack does not retain security information on the invoked methods for which execution is finished. To solve this problem, access control models based on execution history have been proposed. This paper presents a formal model for programs with access control based on execution history, which are called HBAC programs. Their expressive power is shown to be strictly stronger than programs with stack inspection. It is also shown that the verification problem for HBAC programs is EXPTIME-complete, while the problem is solvable in polynomial time under a reasonable assumption. Finally, this paper presents a few optimization techniques used in the implementation of a verification tool for HBAC programs. The results of experiments show that the tool can verify practical HBAC programs within a reasonable time.