Verification of Information Flow and Access Control Policies with Dependent Types

被引:38
|
作者
Nanevski, Aleksandar [1 ]
Banerjee, Anindya [1 ]
Garg, Deepak [2 ]
机构
[1] IMDEA Software Inst, Madrid, Spain
[2] Carnegie Mellon Univ, Pittsburgh, PA 15213 USA
来源
2011 IEEE SYMPOSIUM ON SECURITY AND PRIVACY (SP 2011) | 2011年
关键词
Information Flow; Access Control; Type Theory;
D O I
10.1109/SP.2011.12
中图分类号
TP [自动化技术、计算机技术];
学科分类号
0812 ;
摘要
We present Relational Hoare Type Theory (RHTT), a novel language and verification system capable of expressing and verifying rich information flow and access control policies via dependent types. We show that a number of security policies which have been formalized separately in the literature can all be expressed in RHTT using only standard type-theoretic constructions such as monads, higher-order functions, abstract types, abstract predicates, and modules. Example security policies include conditional declassification, information erasure, and state-dependent information flow and access control. RHTT can reason about such policies in the presence of dynamic memory allocation, deallocation, pointer aliasing and arithmetic. The system, theorems and examples have all been formalized in Coq.
引用
收藏
页码:165 / 179
页数:15
相关论文
共 50 条
  • [31] Access Control and Information Flow Control for Web Services Security
    Kedjar, Saadia
    Tari, Abdelkamel
    Bertok, Peter
    INTERNATIONAL JOURNAL OF INFORMATION TECHNOLOGY AND WEB ENGINEERING, 2016, 11 (01) : 44 - 76
  • [32] Providing flexible access control to an information flow control model
    Chou, SC
    JOURNAL OF SYSTEMS AND SOFTWARE, 2004, 73 (03) : 425 - 439
  • [33] Context-dependent access control for contextual information
    Groba, Christin
    Grob, Stephan
    Springer, Thomas
    ARES 2007: SECOND INTERNATIONAL CONFERENCE ON AVAILABILITY, RELIABILITY AND SECURITY, PROCEEDINGS, 2007, : 155 - +
  • [34] CONFLICTS BETWEEN GEOXACML ACCESS CONTROL POLICIES IN GEOGRAPHIC INFORMATION SYSTEMS
    Yahiaoui, Mohamed
    Zinedine, Ahmed
    Harti, Mostafa
    IADIS-INTERNATIONAL JOURNAL ON COMPUTER SCIENCE AND INFORMATION SYSTEMS, 2014, 9 (01): : 16 - 29
  • [35] An integrated model for access control and information flow requirements
    Ayed, Samiha
    Cuppens-Boulahia, Nora
    Cuppens, Frederic
    ADVANCES IN COMPUTER SCIENCE - ASIAN 2007: COMPUTER AND NETWORK SECURITY, PROCEEDINGS, 2007, 4846 : 111 - 125
  • [36] Specification and Verification of Access Control Policies in EB3SEC: Work in Progress
    Konopacki, Pierre
    Belhaouari, Hakim
    Frappier, Marc
    Laleau, Regine
    FOUNDATIONS AND PRACTICE OF SECURITY, 2011, 6888 : 227 - +
  • [37] Typing access control and secure information flow in sessions
    Capecchi, Sara
    Castellani, Ilaria
    Dezani-Ciancaglini, Mariangiola
    INFORMATION AND COMPUTATION, 2014, 238 : 68 - 105
  • [38] Access Control Encryption: Enforcing Information Flow with Cryptography
    Damgard, Ivan
    Haagh, Helene
    Orlandi, Claudio
    THEORY OF CRYPTOGRAPHY, TCC 2016-B, PT II, 2016, 9986 : 547 - 576
  • [39] A Model for Specification, Composition and Verification of Access Control Policies and Its Application to Web Services
    Derakhshandeh, Zahra
    Ladani, Behrouz Tork
    ISECURE-ISC INTERNATIONAL JOURNAL OF INFORMATION SECURITY, 2011, 3 (02): : 103 - 120
  • [40] Nickel: A Framework for Design and Verification of Information Flow Control Systems
    Sigurbjarnarson, Helgi
    Nelson, Luke
    Castro-Karney, Bruno
    Bornholt, James
    Torlak, Emina
    Wang, Xi
    PROCEEDINGS OF THE 13TH USENIX SYMPOSIUM ON OPERATING SYSTEMS DESIGN AND IMPLEMENTATION, 2018, : 287 - 305
12345