A type discipline for authorization policies

Abstract
Distributed systems and applications are often expected to enforce high-level authorization policies. To this end, the code for these systems relies on lower-level security mechanisms such as digital signatures, local ACLs, and encrypted communications. In principle, authorization specifications can be separated from code and carefully audited. Logic programs in particular can express policies in a simple, abstract manner.
We consider the problem of checking whether a distributed implementation based on communication channels and cryptography complies with a logical authorization policy. We formalize authorization policies and their connection to code by embedding logical predicates and claims within a process calculus. We formulate policy compliance operationally by composing a process model of the distributed system with an arbitrary opponent process. Moreover, we propose a dependent type system for verifying policy compliance of implementation code. Using Datalog as an authorization logic, we show how to type several examples using policies and present a general schema for compiling policies.
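As an added illustration of the approach the abstract describes (not code from the paper or its authors), the following Python evaluates a small Datalog authorization policy and replays a trace of claims made by principals ("statement" events) and authorization checks ("expect" events): every check must be entailed by the policy together with the claims made so far, otherwise it is reported as a violation. The policy, principals and file names are constructed for this example; atoms are tuples whose first element is the predicate, and a capitalised argument is a Datalog variable.

```python
def unify(pattern, fact, env):
    """Extend substitution env so that the atom pattern matches the ground fact, else None."""
    if len(pattern) != len(fact) or pattern[0] != fact[0]:
        return None
    env = dict(env)  # copy: a failed match must not leak bindings to the caller
    for p, f in zip(pattern[1:], fact[1:]):
        if (env.setdefault(p, f) if p[:1].isupper() else p) != f:  # capitalised = variable
            return None
    return env
def matches(body, facts, env):
    """Yield every substitution extending env under which all body atoms are known facts."""
    if not body:
        yield env
        return
    for fact in facts:
        e = unify(body[0], fact, env)
        if e is not None:
            yield from matches(body[1:], facts, e)
def derive(policy, facts):
    """Naive bottom-up fixpoint: fire every rule until no new fact appears."""
    known = set(facts)
    while True:
        new = {(head[0],) + tuple(env.get(t, t) for t in head[1:])
               for head, body in policy for env in matches(body, known, {})}
        if new <= known:
            return known
        known |= new
def check_compliance(policy, trace):
    """Replay statement/expect events in order; an unentailed expect is a violation."""
    stated, violations = set(), []
    for kind, atom in trace:
        if kind == "statement":
            stated.add(atom)
        elif atom not in derive(policy, stated):
            violations.append(atom)
    return violations

POLICY = [  # constructed sample policy: owners may read and delegate; delegation chains compose
    (("canread", "U", "F"), [("owns", "U", "F")]),
    (("canread", "U", "F"), [("owns", "O", "F"), ("delegates", "O", "U", "F")]),
    (("delegates", "O", "U", "F"), [("delegates", "O", "M", "F"), ("delegates", "M", "U", "F")]),
]
TRACE = [  # constructed trace: claims made by principals, then checks made by a file server
    ("statement", ("owns", "alice", "report")),
    ("statement", ("delegates", "alice", "bob", "report")),
    ("statement", ("delegates", "bob", "carol", "report")),
    ("expect", ("canread", "carol", "report")),  # justified via the delegation chain
    ("expect", ("canread", "dave", "report")),   # unsupported by any statement: a violation
]
```

In the paper's setting the same condition is established statically by the dependent type system rather than by replaying a trace; the replay here only makes the safety condition concrete.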