Abstract
We present dharma, a distributed high assurance reference monitor that is generated mechanically by the formal methods tool PVS from a verified specification of its key algorithms. dharma supports policies that allow delegation of access rights, as well as structured, distributed names. To test dharma, we use it as the core reference monitor behind a web server that serves files over SSL connections. Our measurements show that formally verified high assurance access control systems are practical.
This work is supported by DARPA through SPAWAR contract N66001-00-C-8015 and by DOD University Research Initiative (URI) program administered by the Office of Naval Research under Grant N00014-01-1-0795.
© 2004 Springer-Verlag Berlin Heidelberg
Cite this paper
Chander, A., Dean, D., Mitchell, J. (2004). A Distributed High Assurance Reference Monitor. In: Zhang, K., Zheng, Y. (eds) Information Security. ISC 2004. Lecture Notes in Computer Science, vol 3225. Springer, Berlin, Heidelberg. https://doi.org/10.1007/978-3-540-30144-8_20
DOI: https://doi.org/10.1007/978-3-540-30144-8_20
Publisher Name: Springer, Berlin, Heidelberg
Print ISBN: 978-3-540-23208-7
Online ISBN: 978-3-540-30144-8