Local policies for resource usage analysis

Published: 26 August 2009

Abstract

An extension of the λ-calculus is proposed to study resource usage analysis and verification. It features usage policies with a possibly nested, local scope, and dynamic creation of resources. We define a type and effect system that, given a program, extracts a history expression, that is, a sound overapproximation of the set of histories obtainable at runtime. After a suitable transformation, history expressions are model-checked for validity. A program is resource-safe if its history expression is verified valid; if so, no runtime monitor is needed to safely drive its executions.

Published in ACM Transactions on Programming Languages and Systems, Volume 31, Issue 6 (August 2009, 162 pages). ISSN 0164-0925, EISSN 1558-4593, DOI 10.1145/1552309. Copyright © 2009 ACM. Publisher: Association for Computing Machinery, New York, NY, United States.

Publication history: received 1 September 2008; accepted 1 February 2009; published 26 August 2009.
