Skip to main content
Springer Nature Link
Log in

History-Based Access Control and Secure Information Flow

  • Conference paper
Construction and Analysis of Safe, Secure, and Interoperable Smart Devices (CASSIS 2004)

Part of the book series: Lecture Notes in Computer Science ((LNSC,volume 3362))

  • 531 Accesses

Abstract

This paper addresses the problem of static checking of programs to ensure that they satisfy confidentiality policies in the presence of dynamic access control in the form of Abadi and Fournet’s history-based access control mechanism. The Java virtual machine’s permission-based stack inspection mechanism provides dynamic access control and is useful in protecting trusted callees from untrusted callers. In contrast, history-based access control provides a stateful view of permissions: permissions after execution are at most the permissions before execution. This allows protection of both callers and callees.

The main contributions of this paper are to provide a semantics for history-based access control and a static analysis for confidentiality that takes history-based access control into account. The static analysis is a type and effects analysis where the chief novelty is the use of security types dependent on permission state. We also show that in contrast to stack inspection, confidential information can be leaked by the history-based access control mechanism itself. The analysis ensures a noninterference property formalizing confidentiality.

This is a preview of subscription content, log in via an institution to check access.

Access this chapter

Log in via an institution

Institutional subscriptions

Preview

Unable to display preview. Download preview PDF.

Unable to display preview. Download preview PDF.

Similar content being viewed by others

References

  1. Abadi, M., Fournet, C.: Access control based on execution history. In: Proceedings of the 10th Annual Network and Distributed System Security Symposium, pp. 107–121 (February 2003)

    Google Scholar 

  2. Banerjee, A., Naumann, D.A.: Stack-based access control and secure information flow. Journal of Functional Programming, Special Issue on Language-based Security (to appear)

    Google Scholar 

  3. Banerjee, A., Naumann, D.A.: Secure information flow and pointer confinement in a Java-like language. In: IEEE Computer Security Foundations Workshop (CSFW), pp. 253–270. IEEE Computer Society Press, Los Alamitos (2002)

    Google Scholar 

  4. Banerjee, A., Naumann, D.A.: Using access control for secure information flow in a Java-like language. In: IEEE Computer Security Foundations Workshop (CSFW), pp. 155–169. IEEE Computer Society Press, Los Alamitos (2003)

    Google Scholar 

  5. Bell, D., LaPadula, L.: Secure computer systems: Mathematical foundations. Technical Report MTR-2547, MITRE Corp. (1973)

    Google Scholar 

  6. Denning, D., Denning, P.: Certification of programs for secure information flow. Communications of the ACM 20(7), 504–513 (1977)

    Article  MATH  Google Scholar 

  7. Fournet, C., Gordon, A.D.: Stack inspection: Theory and variants. ACM Trans. Prog. Lang. Syst. 25(3), 360–399 (2003)

    Article  Google Scholar 

  8. Goguen, J., Meseguer, J.: Security policies and security models. In: Proceedings of the 1982 IEEE Symposium on Security and Privacy, pp. 11–20 (1982)

    Google Scholar 

  9. Gong, L.: Inside Java 2 Platform Security. Addison-Wesley, Reading (1999)

    Google Scholar 

  10. Gough, J.: Compiling for the .NET Common Language Runtime. Prentice Hall, Englewood Cliffs (2001)

    Google Scholar 

  11. Heintze, N., Riecke, J.G.: The SLam calculus: programming with secrecy and integrity. In: ACM Symposium on Principles of Programming Languages (POPL), pp. 365–377 (1998)

    Google Scholar 

  12. Igarashi, A., Kobayashi, N.: Resource Usage Analysis. ACM Trans. Prog. Lang. Syst. (2004) (to appear)

    Google Scholar 

  13. Mandelbaum, Y., Walker, D., Harper, R.: An effective theory of type refinements. In: Proceedings of the the Eighth ACM SIGPLAN International Conference on Functional Programming, ICFP 2003 (August 2003)

    Google Scholar 

  14. Marriott, K., Stuckey, P.J., Sulzmann, M.: Resource usage verification. In: Proceedings of the First Asian Programming Languages Symposium, APLAS (2003)

    Google Scholar 

  15. Myers, A.C.: JFlow: Practical mostly-static information flow control. In: ACM Symposium on Principles of Programming Languages (POPL), pp. 228–241 (1999)

    Google Scholar 

  16. Sabelfeld, A., Myers, A.C.: Language-based information-flow security. IEEE J. Selected Areas in Communications 21(1), 5–19 (2003)

    Article  Google Scholar 

  17. Sun, Q., Banerjee, A., Naumann, D.A.: Modular and constraint-based information flow inference for an object-oriented language. In: Giacobazzi, R. (ed.) SAS 2004. LNCS, vol. 3148, pp. 84–99. Springer, Heidelberg (2004)

    Chapter  Google Scholar 

  18. Volpano, D., Smith, G., Irvine, C.: A sound type system for secure flow analysis. Journal of Computer Security 4(3), 167–187 (1996)

    Google Scholar 

Download references

Author information

Authors and Affiliations

  1. Department of Computing and Information Sciences, Kansas State University, Manhattan, KS, 66506, USA

    Anindya Banerjee

  2. Department of Computer Science, Stevens Institute of Technology, Hoboken, NJ, 07030, USA

    David A. Naumann

Authors
  1. Anindya Banerjee
    View author publications

    You can also search for this author in PubMed Google Scholar

  2. David A. Naumann
    View author publications

    You can also search for this author in PubMed Google Scholar

Editor information

Editors and Affiliations

  1. IMDEA Software, Madrid, Spain

    Gilles Barthe

  2. INRIA Sophia Antipolis, France

    Lilian Burdy  & Marieke Huisman  & 

  3. Gemalto, France

    Jean-Louis Lanet

  4. Ecole Supérieure D’Ingénieurs de Luminy - Case 925 - ESIL Parc Scientifique, Université de la Méditerranée, 13288, Marseille, France

    Traian Muntean

Rights and permissions

Reprints and permissions

Copyright information

© 2005 Springer-Verlag Berlin Heidelberg

About this paper

Cite this paper

Banerjee, A., Naumann, D.A. (2005). History-Based Access Control and Secure Information Flow. In: Barthe, G., Burdy, L., Huisman, M., Lanet, JL., Muntean, T. (eds) Construction and Analysis of Safe, Secure, and Interoperable Smart Devices. CASSIS 2004. Lecture Notes in Computer Science, vol 3362. Springer, Berlin, Heidelberg. https://doi.org/10.1007/978-3-540-30569-9_2

Download citation

  • DOI: https://doi.org/10.1007/978-3-540-30569-9_2

  • Publisher Name: Springer, Berlin, Heidelberg

  • Print ISBN: 978-3-540-24287-1

  • Online ISBN: 978-3-540-30569-9

  • eBook Packages: Computer ScienceComputer Science (R0)

Publish with us

Policies and ethics