Verification of Information Flow and Access Control Policies with Dependent Types

被引：38

作者：

Nanevski, Aleksandar ^{[1
]}

Banerjee, Anindya ^{[1
]}

Garg, Deepak ^{[2
]}

机构：

[1] IMDEA Software Inst, Madrid, Spain

[2] Carnegie Mellon Univ, Pittsburgh, PA 15213 USA

来源：

2011 IEEE SYMPOSIUM ON SECURITY AND PRIVACY (SP 2011) | 2011年

关键词：

Information Flow; Access Control; Type Theory;

D O I：

10.1109/SP.2011.12

中图分类号：

TP [自动化技术、计算机技术];

学科分类号：

0812 ;

摘要：

We present Relational Hoare Type Theory (RHTT), a novel language and verification system capable of expressing and verifying rich information flow and access control policies via dependent types. We show that a number of security policies which have been formalized separately in the literature can all be expressed in RHTT using only standard type-theoretic constructions such as monads, higher-order functions, abstract types, abstract predicates, and modules. Example security policies include conditional declassification, information erasure, and state-dependent information flow and access control. RHTT can reason about such policies in the presence of dynamic memory allocation, deallocation, pointer aliasing and arithmetic. The system, theorems and examples have all been formalized in Coq.

引用

页码：165 / 179

页数：15

共 50 条

[31] Adventures in the Analysis of Access Control Policies
Anh Truong
FUTURE DATA AND SECURITY ENGINEERING (FDSE 2019), 2019, 11814 : 467 - 482
[32] An Access and Information Flow Control Paradigm for Secure Information Sharing in Service-Based Systems
Solanki, Nidhiben
Hoffman, Timothy
Yen, I-Ling
Bastani, Farokh
Yau, Stephen S.
39TH ANNUAL IEEE COMPUTERS, SOFTWARE AND APPLICATIONS CONFERENCE (COMPSAC 2015), VOL 1, 2015, : 60 - 67
[33] Access Control and Query Verification for Untrusted Databases
Jain, Rohit
Prabhakar, Sunil
DATA AND APPLICATIONS SECURITY AND PRIVACY XXVII, 2013, 7964 : 211 - 225
[34] General Methods for Access Control Policy Verification
Hu, Vincent C.
Kuhn, D. Richard
PROCEEDINGS OF 2016 IEEE 17TH INTERNATIONAL CONFERENCE ON INFORMATION REUSE AND INTEGRATION (IEEE IRI), 2016, : 315 - 323
[35] Rewrite Based Specification of Access Control Policies
Cirstea, Horatiu
Moreau, Pierre-Etienne
de Oliveira, Anderson Santana
ELECTRONIC NOTES IN THEORETICAL COMPUTER SCIENCE, 2009, 234 (0C) : 37 - 54
[36] Automatically Reducing Privilege for Access Control Policies
D'Antoni, Loris
Ding, Shuo
Goel, Amit
Ramesh, Mathangi
Rungta, Neha
Sung, Chungha
Proceedings of the ACM on Programming Languages, 2024, 8 (OOPSLA2)
[37] Oblivious Transfer with Hidden Access Control Policies
Camenisch, Jan
Dubovitskaya, Maria
Neven, Gregory
Zaverucha, Gregory M.
PUBLIC KEY CRYPTOGRAPHY - PKC 2011, 2011, 6571 : 192 - +
[38] Data Sharing in Presence of Access Control Policies
Agoun, Juba
Hacid, Mohand-Said
ON THE MOVE TO MEANINGFUL INTERNET SYSTEMS: OTM 2019 CONFERENCES, 2019, 11877 : 301 - 309
[39] Detecting Inconsistency and Incompleteness in Access Control Policies
Zhang, Hongbin
Ma, Pengcheng
Wang, Meihua
CLOUD COMPUTING AND SECURITY, PT II, 2018, 11064 : 731 - 739
[40] On the Decidability of the Safety Problem for Access Control Policies
Kleiner, E.
Newcomb, T.
ELECTRONIC NOTES IN THEORETICAL COMPUTER SCIENCE, 2007, 185 : 107 - 120

← 1 2 3 4 5 →