
A type discipline for authorization policies

Published: 2 August 2007

Abstract

Distributed systems and applications are often expected to enforce high-level authorization policies. To this end, the code for these systems relies on lower-level security mechanisms such as digital signatures, local ACLs, and encrypted communications. In principle, authorization specifications can be separated from code and carefully audited. Logic programs in particular can express policies in a simple, abstract manner.

We consider the problem of checking whether a distributed implementation based on communication channels and cryptography complies with a logical authorization policy. We formalize authorization policies and their connection to code by embedding logical predicates and claims within a process calculus. We formulate policy compliance operationally by composing a process model of the distributed system with an arbitrary opponent process. Moreover, we propose a dependent type system for verifying policy compliance of implementation code. Using Datalog as an authorization logic, we show how to type several examples using policies and present a general schema for compiling policies.
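As an added illustration, not the paper's own calculus, type system or code, the following Python sketch shows the shape of the check the abstract describes: an authorization policy written as Datalog rules, evaluated bottom-up to a fixpoint, and a list of authorization claims made by implementation code compared against what the policy actually entails from the facts assumed so far. The predicate names (owns, delegates, canRead), the two policy rules and the sample facts are constructed for this example; the paper's "claims" are embedded in a process calculus and checked statically by a dependent type system, whereas this sketch checks them dynamically.

```python
"""
Minimal bottom-up Datalog evaluator plus a compliance check for
authorization claims.  Illustrative code added to this page; it is not
the paper's formalism.  Predicates, rules and facts are constructed.
"""

# An atom is (predicate, tuple_of_terms).  Variables are capitalised strings,
# constants are lower-case strings.
def is_var(term):
    return isinstance(term, str) and term[:1].isupper()


def unify(pattern, fact, env):
    """Match a rule atom against a ground fact under env; None on failure."""
    pred_p, args_p = pattern
    pred_f, args_f = fact
    if pred_p != pred_f or len(args_p) != len(args_f):
        return None
    env = dict(env)
    for a, b in zip(args_p, args_f):
        if is_var(a):
            if a in env and env[a] != b:
                return None
            env[a] = b
        elif a != b:
            return None
    return env


def subst(atom, env):
    """Instantiate an atom's variables from env."""
    pred, args = atom
    return (pred, tuple(env.get(a, a) if is_var(a) else a for a in args))


def evaluate(rules, facts):
    """Naive fixpoint: apply every rule until no new fact is derived."""
    known = set(facts)
    while True:
        new = set()
        for head, body in rules:
            envs = [{}]
            for atom in body:
                envs = [e2 for e in envs for f in known
                        if (e2 := unify(atom, f, e)) is not None]
            for e in envs:
                derived = subst(head, e)
                if derived not in known:
                    new.add(derived)
        if not new:
            return known
        known |= new


# Constructed policy: the owner of a file may read it, and so may anyone the
# owner has directly delegated read access to.  Delegation is deliberately
# not transitive, so a re-delegation by a non-owner grants nothing.
POLICY = [
    (("canRead", ("U", "F")), [("owns", ("U", "F"))]),
    (("canRead", ("U", "F")), [("owns", ("O", "F")),
                               ("delegates", ("O", "U", "F"))]),
]

# Constructed facts, standing in for what the system has established so far
# (e.g. via signed certificates or local ACLs).
FACTS = {
    ("owns", ("alice", "report")),
    ("delegates", ("alice", "bob", "report")),
    ("delegates", ("bob", "carol", "report")),   # bob is not the owner
}


def check_claims(facts, claims, rules=POLICY):
    """Return the claims NOT entailed by the policy from the given facts.

    Every authorization claim the implementation makes must be justified by
    the policy; an unjustified claim is a policy violation.
    """
    model = evaluate(rules, facts)
    return [c for c in claims if c not in model]


if __name__ == "__main__":
    claims = [("canRead", ("alice", "report")),
              ("canRead", ("bob", "report")),
              ("canRead", ("carol", "report"))]
    for violation in check_claims(FACTS, claims):
        print("unjustified claim:", violation)   # carol's claim is reported
```

The interesting case is carol: the fact delegates(bob, carol, report) is present, but the policy only honours delegation by an owner, so the claim canRead(carol, report) is not derivable and is flagged. Checking claims against the policy's least model, rather than against the raw fact set, is what keeps the policy and the mechanism-level facts separately auditable.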


Published in

ACM Transactions on Programming Languages and Systems, Volume 29, Issue 5
Special Issue ESOP'05
August 2007
ISSN: 0164-0925
EISSN: 1558-4593
DOI: 10.1145/1275497

Copyright © 2007 ACM

Publisher: Association for Computing Machinery, New York, NY, United States