Abstract
An extension of the λ-calculus is proposed to study history-based access control. It allows for parametrized security policies with a possibly nested, local scope. To govern the rich interplay between local policies, we propose a combination of static analysis and dynamic checking. A type and effect system extracts from programs a correct approximation of the histories obtainable at run-time. A further static analysis over these approximations determines how to instrument code so as to enforce the desired security constraints. The execution monitor, based on finite-state automata, efficiently runs the instrumented code.
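The following is an added illustration of the ideas in the abstract, not code from the paper and not its calculus: policies are finite-state automata over access events, a policy can be opened in a nested local scope, and the monitor only steps an automaton on the events that can actually change its state (the "risky" events in the abstract's sense, taken here to be the automaton's alphabet). Assumptions of this toy: a local policy is checked against the whole past history for as long as its scope is open, a parametrized policy is just a function producing an automaton, and the event names (`read(secret.txt)`, `send`) and the policy `no_send_after_read` are constructed for the demo.

```python
"""Toy history-based access control with nested local policies enforced by
finite-state automata (illustration only; not the paper's calculus)."""
from dataclasses import dataclass


class PolicyViolation(Exception):
    """Raised when an event would drive an active policy automaton into an offending state."""


@dataclass(frozen=True)
class Policy:
    name: str
    start: str
    trans: dict            # (state, event) -> next state; events not listed leave the state unchanged
    offending: frozenset   # states in which the history violates the policy

    def alphabet(self) -> frozenset:
        """Events that can move this automaton: the only ones worth checking."""
        return frozenset(event for (_, event) in self.trans)

    def step(self, state: str, event: str) -> str:
        return self.trans.get((state, event), state)

    def run(self, history) -> str:
        """Replay a whole history from the start state (used when a scope opens)."""
        state = self.start
        for event in history:
            state = self.step(state, event)
        return state


def no_send_after_read(resource: str) -> Policy:
    """Parametrized policy (constructed example): once `resource` has been read, `send` is forbidden."""
    return Policy(
        name=f"no_send_after_read({resource})",
        start="clean",
        trans={("clean", f"read({resource})"): "tainted",
               ("tainted", "send"): "violated"},
        offending=frozenset({"violated"}),
    )


def risky_events(policies) -> frozenset:
    """Static view: the events a program must be instrumented for, given the policies it may open."""
    return frozenset().union(*(p.alphabet() for p in policies))


class Monitor:
    def __init__(self):
        self.history = []   # every access event performed so far
        self.active = []    # stack of [policy, current_state], one entry per open scope

    def enter(self, policy: Policy):
        # Assumption of this toy: the policy judges the whole history, so events
        # performed before the scope opened are replayed into the automaton.
        state = policy.run(self.history)
        if state in policy.offending:
            raise PolicyViolation(f"history already violates {policy.name}")
        self.active.append([policy, state])

    def exit(self):
        self.active.pop()   # leaving the scope: the local policy no longer applies

    def event(self, event: str):
        # Compute every next state first, then commit, so a rejected event leaves no partial update.
        updates = []
        for entry in self.active:
            policy, state = entry
            if event not in policy.alphabet():
                continue    # not risky for this policy: no automaton step needed
            nxt = policy.step(state, event)
            if nxt in policy.offending:
                raise PolicyViolation(f"{event} violates {policy.name}")
            updates.append((entry, nxt))
        for entry, nxt in updates:
            entry[1] = nxt
        self.history.append(event)


def demo_allowed():
    """A run that respects the local policy; returns the final history."""
    m = Monitor()
    m.event("read(public.txt)")
    m.event("send")                              # no policy open yet: allowed
    m.enter(no_send_after_read("secret.txt"))
    m.event("read(secret.txt)")                  # automaton moves to 'tainted'
    m.event("read(public.txt)")                  # not risky: no automaton step
    m.exit()
    m.event("send")                              # scope closed: allowed again
    return list(m.history)


def demo_violation():
    """A send inside the scope after reading the guarded resource is blocked."""
    m = Monitor()
    m.enter(no_send_after_read("secret.txt"))
    m.event("read(secret.txt)")
    try:
        m.event("send")
    except PolicyViolation as exc:
        return str(exc)
    return None


def demo_history_before_scope():
    """History-based: a read performed before the scope opened still counts inside it."""
    m = Monitor()
    m.event("read(secret.txt)")
    m.enter(no_send_after_read("secret.txt"))   # replayed history puts the automaton in 'tainted'
    try:
        m.event("send")
    except PolicyViolation:
        return True
    return False


if __name__ == "__main__":
    print(demo_allowed())
    print(demo_violation())
    print(demo_history_before_scope())
```

The `risky_events` function stands in for the static pre-analysis: a program that can only ever open `no_send_after_read("secret.txt")` needs instrumentation at `read(secret.txt)` and `send` alone, and every other event bypasses the automata entirely, which is what makes the run-time monitor cheap.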
© 2005 Springer-Verlag Berlin Heidelberg
Bartoletti, M., Degano, P., Ferrari, G.L. (2005). Checking Risky Events Is Enough for Local Policies. In: Coppo, M., Lodi, E., Pinna, G.M. (eds) Theoretical Computer Science. ICTCS 2005. Lecture Notes in Computer Science, vol 3701. Springer, Berlin, Heidelberg. https://doi.org/10.1007/11560586_9
DOI: https://doi.org/10.1007/11560586_9
Publisher Name: Springer, Berlin, Heidelberg
Print ISBN: 978-3-540-29106-0
Online ISBN: 978-3-540-32024-1
eBook Packages: Computer Science (R0)