Verification of Information Flow and Access Control Policies with Dependent Types

被引：38

作者：

Nanevski, Aleksandar ^{[1
]}

Banerjee, Anindya ^{[1
]}

Garg, Deepak ^{[2
]}

机构：

[1] IMDEA Software Inst, Madrid, Spain

[2] Carnegie Mellon Univ, Pittsburgh, PA 15213 USA

来源：

2011 IEEE SYMPOSIUM ON SECURITY AND PRIVACY (SP 2011) | 2011年

关键词：

Information Flow; Access Control; Type Theory;

D O I：

10.1109/SP.2011.12

中图分类号：

TP [自动化技术、计算机技术];

学科分类号：

0812 ;

摘要：

We present Relational Hoare Type Theory (RHTT), a novel language and verification system capable of expressing and verifying rich information flow and access control policies via dependent types. We show that a number of security policies which have been formalized separately in the literature can all be expressed in RHTT using only standard type-theoretic constructions such as monads, higher-order functions, abstract types, abstract predicates, and modules. Example security policies include conditional declassification, information erasure, and state-dependent information flow and access control. RHTT can reason about such policies in the presence of dynamic memory allocation, deallocation, pointer aliasing and arithmetic. The system, theorems and examples have all been formalized in Coq.

引用

页码：165 / 179

页数：15

共 50 条

[21] Toward Formal Verification of Role-Based Access Control Policies
Jha, Somesh
Li, Ninghui
Tripunitara, Mahesh
Wang, Qihua
Winsborough, William H.
IEEE TRANSACTIONS ON DEPENDABLE AND SECURE COMPUTING, 2008, 5 (04) : 242 - 255
[22] A Knowledge-Based Verification Method for Dynamic Access Control Policies
Koleini, Masoud
Ryan, Mark
FORMAL METHODS AND SOFTWARE ENGINEERING, 2011, 6991 : 243 - 258
[23] An Architecture for Verification of Access Control Policies with Multi Agent System Ontologies
Tekbacak, Fatih
Tuglular, Tugkan
Dikenelli, Oguz
2009 IEEE 33RD INTERNATIONAL COMPUTER SOFTWARE AND APPLICATIONS CONFERENCE, VOLS 1 AND 2, 2009, : 725 - +
[24] Formal Verification for Access Control in Web Information Sharing System
Sakai, Akihiro
Hori, Yoshiaki
Sakurai, Kouichi
ADVANCES IN INFORMATION SECURITY AND ASSURANCE, 2009, 5576 : 80 - +
[25] Verification of access control coherence in information system during modifications
Goncalves, G
Hemery, F
Poniszewska, A
TWELFTH IEEE INTERNATIONAL WORKSHOPS ON ENABLING TECHNOLOGIES: INFRASTRUCTURE FOR COLLABORATIVE ENTERPRISES, PROCEEDINGS, 2003, : 232 - 237
[26] Content dependent information flow control
Nielson, Hanne Riis
Nielson, Flemming
JOURNAL OF LOGICAL AND ALGEBRAIC METHODS IN PROGRAMMING, 2017, 87 : 6 - 32
[27] Access Control and Information Flow in Transactional Memory
Cohen, Ariel
van der Meyden, Ron
Zuck, Lenore D.
FORMAL ASPECTS IN SECURITY AND TRUST, 2009, 5491 : 316 - +
[28] COVERN: A Logic for Compositional Verification of Information Flow Control
Murray, Toby
Sison, Robert
Engelhardt, Kai
2018 3RD IEEE EUROPEAN SYMPOSIUM ON SECURITY AND PRIVACY (EUROS&P 2018), 2018, : 16 - 30
[29] Analyzing information flow control policies in requirements engineering
Alghathbar, K
Wijesekera, D
FIFTH IEEE INTERNATIONAL WORKSHOP ON POLICIES FOR DISTRIBUTED SYSTEMS AND NETWORKS, PROCEEDINGS, 2004, : 193 - 196
[30] A security verification method for information flow security policies implemented in operating systems
Yi, XD
Yang, XJ
INFORMATION AND COMMUNICATIONS SECURITY, PROCEEDINGS, 2003, 2836 : 280 - 291

← 1 2 3 4 5 →