Abstract
An extension of the λ-calculus is proposed to study resource usage analysis and verification. It features usage policies with a possibly nested, local scope, and dynamic creation of resources. We define a type and effect system that, given a program, extracts a history expression, that is, a sound overapproximation of the set of histories obtainable at runtime. After a suitable transformation, history expressions are model-checked for validity. A program is resource-safe if its history expression is verified valid: if so, no runtime monitor is needed to safely drive its executions.
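To make the validity check concrete, the following is an added example in Python; it is not the paper's formalism or its LocUsT tool. It cuts history expressions down to a regular algebra over access events (no dynamic resource creation, no type and effect extraction), models a usage policy as a finite automaton with absorbing offending states, and decides validity by computing the set of automaton configurations reachable over every history in the language of the expression. The constructor names, the two policies and the history expressions are constructed here for illustration.

```python
# Added example: toy checker for usage policies over history expressions.
# Syntax, policies and semantics below are simplifications assumed for this
# illustration; they are not the paper's definitions or its LocUsT tool.
from functools import reduce

# History expression constructors:
#   ev(a, r) event a(r); seq(H1, ..., Hn); alt(H1, H2) choice; star(H) finite
#   iteration (stands in for the mu-binder); frame(phi, H) local framing phi[H]
EPS = ('eps',)
def ev(action, resource): return ('ev', action, resource)
def seq(*hs): return reduce(lambda a, b: ('seq', a, b), hs, EPS)
def alt(h1, h2): return ('alt', h1, h2)
def star(h): return ('star', h)
def frame(policy, h): return ('frame', policy.name, h)


class UsagePolicy:
    """Finite-state usage automaton.  `delta` maps (state, action, resource)
    or (state, action, '*') to the next state; unmatched events self-loop.
    Offending states are absorbing, so a violation anywhere inside a framing
    is still visible in the configurations at the end of that framing."""
    def __init__(self, name, start, delta, offending):
        self.name, self.start, self.delta = name, start, delta
        self.offending = frozenset(offending)

    def step(self, state, action, resource):
        if state in self.offending:
            return state
        for key in ((state, action, resource), (state, action, '*')):
            if key in self.delta:
                return self.delta[key]
        return state


def check(h, policies):
    """Names of policies violated by some history in the language of `h`.

    A configuration is one automaton state per policy; the reachable set is
    finite, so the fixed point for `star` terminates.  A policy is reported
    only while a framing for it is open, but every automaton always runs,
    because a framing constrains the whole past history, not just its body.
    """
    idx = {p.name: i for i, p in enumerate(policies)}
    violated = set()

    def report(configs, active):
        for name in active:
            p = policies[idx[name]]
            if any(c[idx[name]] in p.offending for c in configs):
                violated.add(name)

    def run(h, configs, active):
        kind = h[0]
        if kind == 'eps':
            return configs
        if kind == 'ev':
            _, action, res = h
            new = frozenset(tuple(p.step(s, action, res) for p, s in zip(policies, c))
                            for c in configs)
            report(new, active)
            return new
        if kind == 'seq':
            return run(h[2], run(h[1], configs, active), active)
        if kind == 'alt':
            return run(h[1], configs, active) | run(h[2], configs, active)
        if kind == 'star':
            seen = configs
            while True:                      # least fixed point over configurations
                new = seen | run(h[1], seen, active)
                if new == seen:
                    return seen
                seen = new
        if kind == 'frame':
            _, name, body = h
            inner = active | {name}
            report(configs, inner)           # phi must already hold on entry
            return run(body, configs, inner)
        raise ValueError(f'unknown history expression node {kind!r}')

    run(h, frozenset([tuple(p.start for p in policies)]), frozenset())
    return violated


# Two constructed policies in the spirit of the paper's examples.
NO_SEND_AFTER_READ = UsagePolicy(
    'no_send_after_read', 'q0',
    {('q0', 'read', '*'): 'q1', ('q1', 'send', '*'): 'fail'}, offending={'fail'})
OPEN_BEFORE_READ = UsagePolicy(            # resource fixed to 'f' for simplicity
    'open_before_read', 'closed',
    {('closed', 'open', 'f'): 'opened', ('closed', 'read', 'f'): 'fail',
     ('opened', 'close', 'f'): 'closed'}, offending={'fail'})
POLICIES = [NO_SEND_AFTER_READ, OPEN_BEFORE_READ]


def demo():
    """Map each constructed history expression to the set of violated policies."""
    read, write, send = ev('read', 'f'), ev('write', 'f'), ev('send', 'net')
    cases = {
        'scope_is_local': seq(frame(NO_SEND_AFTER_READ, read), send),  # send is outside
        'past_counts': seq(read, frame(NO_SEND_AFTER_READ, send)),     # read is in the past
        'loop_may_read': frame(NO_SEND_AFTER_READ, seq(star(alt(read, write)), send)),
        'loop_only_writes': frame(NO_SEND_AFTER_READ, seq(star(write), send)),
        'read_without_open': frame(OPEN_BEFORE_READ, alt(seq(ev('open', 'f'), read), read)),
    }
    return {name: check(h, POLICIES) for name, h in cases.items()}


if __name__ == '__main__':
    for name, bad in demo().items():
        print(f'{name:18} {"valid" if not bad else "violates " + ", ".join(sorted(bad))}')
```

The two `no_send_after_read` cases show what "local" means here: a send after the framing closes is not reported, but a read that happened before the framing opened does count, since the policy is evaluated over the whole history at every point inside its scope. The `star` cases show why the check is over the language of the expression rather than a single trace: a loop that may or may not read yields at least one offending history, while a loop of writes yields none.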
Supplemental Material
Online appendix to local policies for resource usage analysis. The appendix supports the information on article 23.
Local policies for resource usage analysis