Verification of Information Flow and Access Control Policies with Dependent Types

被引：38

作者：

Nanevski, Aleksandar ^{[1
]}

Banerjee, Anindya ^{[1
]}

Garg, Deepak ^{[2
]}

机构：

[1] IMDEA Software Inst, Madrid, Spain

[2] Carnegie Mellon Univ, Pittsburgh, PA 15213 USA

来源：

2011 IEEE SYMPOSIUM ON SECURITY AND PRIVACY (SP 2011) | 2011年

关键词：

Information Flow; Access Control; Type Theory;

D O I：

10.1109/SP.2011.12

中图分类号：

TP [自动化技术、计算机技术];

学科分类号：

0812 ;

摘要：

We present Relational Hoare Type Theory (RHTT), a novel language and verification system capable of expressing and verifying rich information flow and access control policies via dependent types. We show that a number of security policies which have been formalized separately in the literature can all be expressed in RHTT using only standard type-theoretic constructions such as monads, higher-order functions, abstract types, abstract predicates, and modules. Example security policies include conditional declassification, information erasure, and state-dependent information flow and access control. RHTT can reason about such policies in the presence of dynamic memory allocation, deallocation, pointer aliasing and arithmetic. The system, theorems and examples have all been formalized in Coq.

引用

页码：165 / 179

页数：15

共 50 条

[1] Dependent Type Theory for Verification of Information Flow and Access Control Policies
Nanevski, Aleksandar
Banerjee, Anindya
Garg, Deepak
ACM TRANSACTIONS ON PROGRAMMING LANGUAGES AND SYSTEMS, 2013, 35 (02):
[2] Secure Information Flow Verification with Mutable Dependent Types
Ferraiuolo, Andrew
Hua, Weizhe
Myers, Andrew C.
Suh, G. Edward
PROCEEDINGS OF THE 2017 54TH ACM/EDAC/IEEE DESIGN AUTOMATION CONFERENCE (DAC), 2017,
[3] Session Types for Access and Information Flow Control
Capecchi, Sara
Castellani, Ilaria
Dezani-Ciancaglini, Mariangiola
Rezk, Tamara
CONCUR 2010 - CONCURRENCY THEORY, 2010, 6269 : 237 - +
[4] Verification and enforcement of access control policies
Antonio Cau
Helge Janicke
Ben Moszkowski
Formal Methods in System Design, 2013, 43 : 450 - 492
[5] Verification and enforcement of access control policies
Cau, Antonio
Janicke, Helge
Moszkowski, Ben
FORMAL METHODS IN SYSTEM DESIGN, 2013, 43 (03) : 450 - 492
[6] Detecting violations of access control and information flow policies in data flow diagrams
Seifermann, Stephan
Heinrich, Robert
Werle, Dominik
Reussner, Ralf
JOURNAL OF SYSTEMS AND SOFTWARE, 2022, 184
[7] Dynamic Access Control Policies: Specification and Verification
Janicke, H.
Cau, A.
Siewe, F.
Zedan, H.
COMPUTER JOURNAL, 2013, 56 (04): : 440 - 463
[8] Dependent Information Flow Types
Lourenco, Luisa
Caires, Luis
ACM SIGPLAN NOTICES, 2015, 50 (01) : 317 - 328
[9] Verification of Access Control Policies for REA Business Processes
Karimi, Vahid R.
Cowan, Donald D.
2009 IEEE 33RD INTERNATIONAL COMPUTER SOFTWARE AND APPLICATIONS CONFERENCE, VOLS 1 AND 2, 2009, : 1095 - 1100
[10] UML specification of access control policies and their formal verification
Koch M.
Parisi-Presicce F.
Software & Systems Modeling, 2006, 5 (4) : 429 - 447

← 1 2 3 4 5 →