Modern component-based systems, such as Java and Microsoft .NET Common Language Runtime (CLR), have adopted Stack-Based Access Control (SBAC). Its purpose is to use stack inspection to verify that all the code responsible for a security-sensitive action is sufficiently authorized to perform that action. Previous literature has shown that the security model enforced by SBAC is flawed in that stack inspection may allow unauthorized code no longer on the stack to influence the execution of security-sensitive code. A different approach, History-Based Access Control (HBAC), is safe but may prevent authorized code from executing a security-sensitive operation if less trusted code was previously executed. In this paper, we formally introduce Information-Based Access Control (IBAC), a novel security model that verifies that all and only the code responsible for a security-sensitive operation is sufficiently authorized. Given an access-control policy α, we present a mechanism to extract from it an implicit integrity policy ι, and we prove that IBAC enforces ι. Furthermore, we discuss large-scale application code scenarios to which IBAC can be successfully applied.
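The difference between the three models can be seen on two small call traces. The following is an added illustration, not code from the paper: the component names, the permission table and the Runtime class are hypothetical, and the model is simplified to explicit data flow through return values.

```python
from dataclasses import dataclass

# Constructed access-control policy: component -> permissions granted to it.
POLICY = {"app": {"file.write", "net"}, "library": {"file.write"}, "plugin": set()}

@dataclass(frozen=True)
class Labeled:
    """A value together with the components that influenced it."""
    value: str
    sources: frozenset

class Runtime:
    def __init__(self):
        self.stack = []        # components with an active frame
        self.history = set()   # every component that has executed so far

    def call(self, component, fn, *args):
        self.stack.append(component)
        self.history.add(component)
        try:
            result = fn(*args)
        finally:
            self.stack.pop()
        # A returned value is influenced by the component that returned it.
        if isinstance(result, Labeled):
            return Labeled(result.value, result.sources | {component})
        return result

    def check(self, perm, *inputs):
        """Decision of each model for a sensitive operation consuming `inputs`."""
        def ok(components):
            return all(perm in POLICY[c] for c in components)
        influencers = set().union(*(v.sources for v in inputs))
        return {"SBAC": ok(self.stack),                      # callers on the stack now
                "HBAC": ok(self.history),                    # everything that ever ran
                "IBAC": ok(set(self.stack) | influencers)}   # callers plus data sources

def tainted_argument():
    # The plugin picks the file name and returns; the app then writes to it.
    rt = Runtime()
    name = rt.call("plugin", lambda: Labeled("config.ini", frozenset()))
    return rt.call("app", lambda: rt.check("file.write", name))

def unrelated_history():
    # The plugin ran earlier but contributed nothing to the write.
    rt = Runtime()
    rt.call("plugin", lambda: None)
    name = Labeled("report.txt", frozenset({"app"}))
    return rt.call("app", lambda: rt.check("file.write", name))
```

In tainted_argument only SBAC grants the write, because the plugin is no longer on the stack; in unrelated_history only HBAC denies it, because the plugin ran earlier.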