Abstract
Existing programming language access control frameworks do not meet the needs of all software components. We propose an expressive framework for implementing access control monitors for components. The basis of the framework is a novel concept: the authority environment. An authority environment associates rights with an execution context. The building blocks of access control monitors in our framework are authorization contracts: software contracts that manage authority environments. We demonstrate the expressiveness of our framework by implementing a diverse set of existing access control mechanisms and writing custom access control monitors for three realistic case studies.
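To make the two ideas in the abstract concrete, here is an added illustrative sketch (not the paper's framework, which is built on Racket contracts, and not code from the authors): an authority environment is modelled as the set of rights held by the current execution context, and an authorization contract is a wrapper that both checks the caller's rights and restricts the rights the callee runs with. The names AuthorityError, with_rights, authorization_contract, the rights strings and the plugin scenario are all assumptions made for this example.

```python
"""Illustrative sketch of an authority environment and authorization contracts.

Added example, not the paper's framework: the names with_rights,
authorization_contract, AuthorizationError and the rights used below are
assumptions made for this demonstration.
"""
import contextvars
import functools
from typing import Callable, FrozenSet, Optional

# The authority environment of the current execution context: the set of
# rights held by whatever code is running right now. A context variable gives
# each dynamic extent (a call, a callback) its own value.
_authority = contextvars.ContextVar("authority", default=frozenset())


class AuthorizationError(PermissionError):
    """Raised by a monitor when the current execution context lacks a right."""


def current_rights() -> FrozenSet[str]:
    return _authority.get()


def with_rights(rights: FrozenSet[str], thunk: Callable[[], object]) -> object:
    """Run thunk in an execution context whose authority environment is `rights`."""
    token = _authority.set(rights)
    try:
        return thunk()
    finally:
        _authority.reset(token)  # rights never outlive the context that held them


def authorization_contract(
    *,
    requires: FrozenSet[str] = frozenset(),
    restrict_to: Optional[FrozenSet[str]] = None,
):
    """Wrap a function in an access control monitor.

    requires:    rights the caller's environment must hold for the call to proceed.
    restrict_to: if given, the callee runs with (caller rights & restrict_to), so a
                 less trusted callee cannot use more authority than it is handed.
    """
    def decorate(fn):
        @functools.wraps(fn)
        def monitored(*args, **kwargs):
            held = current_rights()
            missing = requires - held
            if missing:
                raise AuthorizationError(
                    f"{fn.__name__} requires {sorted(missing)}; context holds {sorted(held)}"
                )
            callee_rights = held if restrict_to is None else held & restrict_to
            return with_rights(callee_rights, lambda: fn(*args, **kwargs))
        return monitored
    return decorate


# --- A tiny protected "system" (constructed for the example) ------------------

AUDIT_LOG = []  # constructed stand-in for a resource the policy protects


@authorization_contract(requires=frozenset({"log:write"}))
def append_audit(entry: str) -> int:
    AUDIT_LOG.append(entry)
    return len(AUDIT_LOG)


@authorization_contract(requires=frozenset({"fs:write"}))
def write_config(path: str, data: str) -> str:
    return f"wrote {len(data)} bytes to {path}"


# A host routine that runs a third-party plugin callback. The contract strips
# everything but logging from the plugin's execution context, so even though
# the host holds fs:write, the plugin cannot reach write_config through it.
@authorization_contract(restrict_to=frozenset({"log:write"}))
def run_plugin(plugin: Callable[[], str]) -> str:
    return plugin()


def well_behaved_plugin() -> str:
    append_audit("plugin ran")
    return "ok"


def overreaching_plugin() -> str:
    # A plugin that tries to use the host's filesystem authority.
    return write_config("/etc/app.conf", "tampered")


def demo() -> dict:
    """Exercise the monitors from a host context that holds both rights."""
    host_rights = frozenset({"fs:write", "log:write"})
    results = {}
    results["host_write"] = with_rights(host_rights, lambda: write_config("/etc/app.conf", "x=1"))
    results["plugin_ok"] = with_rights(host_rights, lambda: run_plugin(well_behaved_plugin))
    try:
        with_rights(host_rights, lambda: run_plugin(overreaching_plugin))
        results["plugin_blocked"] = False
    except AuthorizationError:
        results["plugin_blocked"] = True
    results["rights_after"] = sorted(current_rights())  # back to the empty default
    return results


if __name__ == "__main__":
    print(demo())
```

The point the sketch makes is that the check and the restriction live in the same contract, so a component's authority is decided by the execution context it was entered from rather than by which function it happens to call; the overreaching plugin fails even though write_config itself is reachable, because the host's authority environment was narrowed before the plugin ran.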
Extensible access control with authorization contracts. OOPSLA 2016: Proceedings of the 2016 ACM SIGPLAN International Conference on Object-Oriented Programming, Systems, Languages, and Applications.