DOI: 10.1145/1069774.1069789

Security policy in a declarative style

Published: 11 July 2005

Abstract

We address the problem of controlling information leakage in a concurrent declarative programming setting. Our aim is to define verification tools in order to distinguish between authorized, or declared, information flows such as password testing (e.g., ATM, login processes, etc.) and non-authorized ones. In this paper, we first propose a way to define security policies as confluent and terminating rewrite systems. Such policies define how the privacy levels of information evolve. Then, we provide a formal definition of secure processes with respect to a given security policy. We also define an actual verification algorithm of secure processes based on constraint solving.



Published In

PPDP '05: Proceedings of the 7th ACM SIGPLAN international conference on Principles and practice of declarative programming
July 2005, 260 pages
ISBN: 1595930906
DOI: 10.1145/1069774
General Chair: Pedro Barahona
Program Chair: Amy Felty

Publisher

Association for Computing Machinery, New York, NY, United States


Author Tags

  1. confidentiality
  2. non-interference

Qualifiers

  • Article

Conference

PPDP05

Acceptance Rates

Overall Acceptance Rate: 230 of 486 submissions, 47%


Cited By

  • (2013) A framework for access control in distributed environments. Electronic Proceedings in Theoretical Computer Science 113, pages 5-6. DOI: 10.4204/EPTCS.113.2. Online publication date: 28 Mar 2013.
  • (2013) Automated analysis of rule-based access control policies. Proceedings of the 7th workshop on Programming languages meets program verification, pages 47-56. DOI: 10.1145/2428116.2428125. Online publication date: 22 Jan 2013.
  • (2010) Term rewriting for describing constrained policy graph and conflict detection. 2010 IEEE International Conference on Progress in Informatics and Computing, pages 645-651. DOI: 10.1109/PIC.2010.5687864. Online publication date: Dec 2010.
  • (2009) Declassification: Dimensions and principles. Journal of Computer Security 17(5), pages 517-548. DOI: 10.5555/1662658.1662659. Online publication date: 1 Oct 2009.
  • (2009) Distributed event-based access control. International Journal of Information and Computer Security 3(3/4), pages 306-320. DOI: 10.1504/IJICS.2009.031042. Online publication date: 1 Jan 2009.
  • (2008) Time and Location Based Services with Access Control. 2008 New Technologies, Mobility and Security, pages 1-6. DOI: 10.1109/NTMS.2008.ECP.98. Online publication date: Nov 2008.
  • (2008) An Algebraic-Functional Framework for Distributed Access Control. 2008 Third International Conference on Risks and Security of Internet and Systems, pages 1-8. DOI: 10.1109/CRISIS.2008.4757458. Online publication date: Oct 2008.
  • (2007) Dynamic event-based access control as term rewriting. Proceedings of the 21st annual IFIP WG 11.3 working conference on Data and applications security, pages 195-210. DOI: 10.5555/1770560.1770581. Online publication date: 8 Jul 2007.
  • (2007) Rewriting-Based Access Control Policies. Electronic Notes in Theoretical Computer Science 171(4), pages 59-72. DOI: 10.1016/j.entcs.2007.02.055. Online publication date: 1 Jul 2007.
  • (2007) Pre-execution Security Policy Assessment of Remotely Defined BPEL-Based Grid Processes. Trust, Privacy and Security in Digital Business, pages 178-189. DOI: 10.1007/978-3-540-74409-2_20. Online publication date: 2007.
