Usage Automata

Bartoletti, Massimo

doi:10.1007/978-3-642-03459-6_4

Massimo Bartoletti¹⁸

Part of the book series: Lecture Notes in Computer Science ((LNSC,volume 5511))

Included in the following conference series:

Joint Workshop on Automated Reasoning for Security Protocol Analysis and Issues in the Theory of Security

291 Accesses
8 Citations

Abstract

Usage automata are an extension of finite stata automata, with some additional features (e.g. parameters and guards) that improve their expressivity. Usage automata are expressive enough to model security requirements of real-world applications; at the same time, they are simple enough to be statically amenable, e.g. they can be model-checked against abstractions of program usages. We study here some foundational aspects of usage automata. In particular, we discuss about their expressive power, and about their effective use in run-time mechanisms for enforcing usage policies.

This is a preview of subscription content, log in via an institution to check access.

Access this chapter

Log in via an institution

Chapter: USD 29.95; Price excludes VAT (USA)

eBook: USD 39.99; Price excludes VAT (USA)

Softcover Book: USD 54.99; Price excludes VAT (USA)

Tax calculation will be finalised at checkout

Purchases are for personal use only

Institutional subscriptions

Preview

Unable to display preview. Download preview PDF.

References

Abadi, M., Fournet, C.: Access control based on execution history. In: Proceedings of the 10th Annual Network and Distributed System Security Symposium, San Diego, California, USA, The Internet Society (2003)
Google Scholar
Bartoletti, M., Degano, P., Ferrari, G.L., Zunino, R.: Local policies for resource usage analysis. To appear in ACM Tran. Programming Languages and Systems
Google Scholar
Bartoletti, M., Degano, P., Ferrari, G.-L., Zunino, R.: Types and effects for resource usage analysis. In: Seidl, H. (ed.) FOSSACS 2007. LNCS, vol. 4423, pp. 32–47. Springer, Heidelberg (2007)
Chapter Google Scholar
Bartoletti, M., Degano, P., Ferrari, G.L., Zunino, R.: Model checking usage policies. In: Proceedings of the 4th Trustworthy Global Computing, Barcelona, Spain. LNCS, vol. 5474, pp. 19–35. Springer, Heidelberg (2009)
Chapter Google Scholar
Bauer, L., Ligatti, J., Walker, D.: More enforceable security policies. In: Proceedings of the Workshop on Foundations of Computer Security (FCS) (2002)
Google Scholar
Bauer, L., Ligatti, J., Walker, D.: Composing security policies with Polymer. In: Proceedings of the ACM SIGPLAN 2005 Conference on Programming Language Design and Implementation (PLDI), Chicago, USA, pp. 305–314. ACM, New York (2005)
Chapter Google Scholar
Brewer, D.F.C., Nash, M.J.: The Chinese Wall security policy. In: Proceedings of the 1989 IEEE Symposium on Security and Privacy (1989)
Google Scholar
Edjlali, G., Acharya, A., Chaudhary, V.: History-based access control for mobile code. In: Vitek, J. (ed.) Secure Internet Programming. LNCS, vol. 1603. Springer, Heidelberg (1999)
Chapter Google Scholar
Fong, P.W.: Access control by tracking shallow execution history. In: Proceedings of the IEEE Symposium on Security and Privacy (S&P 2004), Berkeley, CA, USA, May 9-12, pp. 43–55. IEEE Computer Society, Los Alamitos (2004)
Google Scholar
Gong, L.: Inside Java 2 platform security: architecture, API design, and implementation. Addison-Wesley, Reading (1999)
Google Scholar
Hamlen, K.W., Morrisett, J.G., Schneider, F.B.: Computability classes for enforcement mechanisms. ACM Trans. on Programming Languages and Systems 28(1), 175–205 (2006)
Article Google Scholar
Igarashi, A., Kobayashi, N.: Resource usage analysis. In: Proceedings of the 29th Annual Symposium on Principles of Programming Languages (POPL), pp. 331–342. ACM, New York (2002)
Google Scholar
Jalapa: Securing Java with Local Policies, http://jalapa.sourceforge.net
Martinelli, F., Mori, P.: Enhancing java security with history based access control. In: Aldini, A., Gorrieri, R. (eds.) FOSAD 2007. LNCS, vol. 4677, pp. 135–159. Springer, Heidelberg (2007)
Chapter Google Scholar
Pandey, R., Hashii, B.: Providing fine-grained access control for java programs. In: Guerraoui, R. (ed.) ECOOP 1999. LNCS, vol. 1628, pp. 449–473. Springer, Heidelberg (1999)
Chapter Google Scholar
Schneider, F.B.: Enforceable security policies. ACM Trans. on Information and System Security 3(1), 30–50 (2000)
Article MathSciNet Google Scholar
Skalka, C., Smith, S.: History effects and verification. In: Chin, W.-N. (ed.) APLAS 2004. LNCS, vol. 3302, pp. 107–128. Springer, Heidelberg (2004)
Chapter Google Scholar

Download references

Author information

Authors and Affiliations

Dipartimento di Matematica e Informatica, Università degli Studi di Cagliari, Italy
Massimo Bartoletti

Authors

Massimo Bartoletti
View author publications
You can also search for this author in PubMed Google Scholar

Editor information

Editors and Affiliations

Dipartimento di Informatica, Università di Pisa, Largo Bruno Pontecorvo, 3, 56127, Pisa, Italy
Pierpaolo Degano
Dipartimento di Informatica, Università di Verona, Strada Le Grazie 15, 37134, Verona, Italy
Luca Viganò

Rights and permissions

Reprints and permissions

Copyright information

About this paper

Cite this paper

Bartoletti, M. (2009). Usage Automata. In: Degano, P., Viganò, L. (eds) Foundations and Applications of Security Analysis. ARSPA-WITS 2009. Lecture Notes in Computer Science, vol 5511. Springer, Berlin, Heidelberg. https://doi.org/10.1007/978-3-642-03459-6_4

Download citation

DOI: https://doi.org/10.1007/978-3-642-03459-6_4
Publisher Name: Springer, Berlin, Heidelberg
Print ISBN: 978-3-642-03458-9
Online ISBN: 978-3-642-03459-6
eBook Packages: Computer ScienceComputer Science (R0)

Publish with us

Policies and ethics