Journal of Computer Security - Foundational Aspects of Security
We consider the problem of statically verifying the conformance of the code of a system to an explicit authorization policy. In a distributed setting, some part of the system may be compromised, that is, some nodes of the system and their security credentials may be under the control of an attacker. To help predict and bound the impact of such partial compromise, we advocate logic-based policies that explicitly record dependencies between principals. We propose a conformance criterion, safety despite compromised principals, such that an invalid authorization decision at an uncompromised node can arise only when nodes on which the decision logically depends are compromised. We formalize this criterion in the setting of a process calculus, and present a verification technique based on a type system. Hence, we can verify policy conformance of code that uses a wide range of the security mechanisms found in distributed systems, ranging from secure channels down to cryptographic primitives, including encryption and public-key signatures.