Verification of Information Flow and Access Control Policies with Dependent Types

被引：38

作者：

Nanevski, Aleksandar ^{[1
]}

Banerjee, Anindya ^{[1
]}

Garg, Deepak ^{[2
]}

机构：

[1] IMDEA Software Inst, Madrid, Spain

[2] Carnegie Mellon Univ, Pittsburgh, PA 15213 USA

来源：

2011 IEEE SYMPOSIUM ON SECURITY AND PRIVACY (SP 2011) | 2011年

关键词：

Information Flow; Access Control; Type Theory;

D O I：

10.1109/SP.2011.12

中图分类号：

TP [自动化技术、计算机技术];

学科分类号：

0812 ;

摘要：

We present Relational Hoare Type Theory (RHTT), a novel language and verification system capable of expressing and verifying rich information flow and access control policies via dependent types. We show that a number of security policies which have been formalized separately in the literature can all be expressed in RHTT using only standard type-theoretic constructions such as monads, higher-order functions, abstract types, abstract predicates, and modules. Example security policies include conditional declassification, information erasure, and state-dependent information flow and access control. RHTT can reason about such policies in the presence of dynamic memory allocation, deallocation, pointer aliasing and arithmetic. The system, theorems and examples have all been formalized in Coq.

引用

页码：165 / 179

页数：15

共 50 条

[41] Types for access control
De Nicola, R
Ferrari, G
Pugliese, R
Venneri, B
THEORETICAL COMPUTER SCIENCE, 2000, 240 (01) : 215 - 254
[42] Facilitating program verification with dependent types
Xi, HW
FIRST INTERNATIONAL CONFERENCE ON SOFTWARE ENGINEERING AND FORMAL METHODS, PROCEEDINGS, 2003, : 72 - 81
[43] Dependent types for program termination verification
Xi, HW
16TH ANNUAL IEEE SYMPOSIUM ON LOGIC IN COMPUTER SCIENCE, PROCEEDINGS, 2001, : 231 - 242
[44] SPECIFICATION AND VERIFICATION USING DEPENDENT TYPES
HANNA, FK
DAECHE, N
LONGLEY, M
IEEE TRANSACTIONS ON SOFTWARE ENGINEERING, 1990, 16 (09) : 949 - 964
[45] A typed theory for access control and information flow control in mobile systems
Wang, LB
Chen, KF
INFORMATION SECURITY AND PRIVACY, PROCEEDINGS, 2003, 2727 : 154 - 165
[46] Information flow control in multithread applications based on access control lists
Chou, Shih-Chien
Lo, Wei-Kuang
Lai, Chia-Wei
INFORMATION AND SOFTWARE TECHNOLOGY, 2006, 48 (08) : 717 - 725
[47] Access Control Policy Verification
Hu, Vincent C.
Kuhn, Rick
COMPUTER, 2016, 49 (12) : 80 - 83
[48] Types for Information Flow Control: Labeling Granularity and Semantic Models
Rajani, Vineet
Garg, Deepak
IEEE 31ST COMPUTER SECURITY FOUNDATIONS SYMPOSIUM (CSF 2018), 2018, : 233 - 246
[49] Resiliency Policies in Access Control
Li, Ninghui
Wang, Qihua
Tripunitara, Mahesh
ACM TRANSACTIONS ON INFORMATION AND SYSTEM SECURITY, 2009, 12 (04)
[50] On the negotiation of access control policies
Gligor, VD
Khurana, H
Koleva, RK
Bharadwaj, VG
Baras, JS
SECURITY PROTOCOLS, 2002, 2467 : 188 - 201

← 1 2 3 4 5 →