Abstract
This paper considers what happens when a system erroneously places trust in an attacker. More precisely, we consider untyped attackers inside a distributed system in which security is enforced by the type system. Our Key-Based Decentralised Label Model for distributed access control combines a weak form of information flow control with cryptographic type casts. We extend our model to allow inside attackers by using three sets of type rules. The first set is for honest principals. The second set is for attackers; these rules require that only communication channels can be used to communicate, and they express our correctness conditions. The third set of type rules is used to type processes that have become corrupted by the attackers. We show that the untyped attackers can leak their own data and disrupt the communication of any principals that place direct trust in an attacker, but no matter what the attackers try, they cannot obtain data that does not include at least one attacker in its access control policy.
© 2006 Springer-Verlag Berlin Heidelberg
Chothia, T., Duggan, D. (2006). Type-Based Distributed Access Control vs. Untyped Attackers. In: Dimitrakos, T., Martinelli, F., Ryan, P.Y.A., Schneider, S. (eds) Formal Aspects in Security and Trust. FAST 2005. Lecture Notes in Computer Science, vol 3866. Springer, Berlin, Heidelberg. https://doi.org/10.1007/11679219_15
DOI: https://doi.org/10.1007/11679219_15
Publisher Name: Springer, Berlin, Heidelberg
Print ISBN: 978-3-540-32628-1
Online ISBN: 978-3-540-32629-8