Verification of Information Flow and Access Control Policies with Dependent Types

被引:38
作者
Nanevski, Aleksandar [1 ]
Banerjee, Anindya [1 ]
Garg, Deepak [2 ]
机构
[1] IMDEA Software Inst, Madrid, Spain
[2] Carnegie Mellon Univ, Pittsburgh, PA 15213 USA
来源
2011 IEEE SYMPOSIUM ON SECURITY AND PRIVACY (SP 2011) | 2011年
关键词
Information Flow; Access Control; Type Theory;
D O I
10.1109/SP.2011.12
中图分类号
TP [自动化技术、计算机技术];
学科分类号
0812 ;
摘要
We present Relational Hoare Type Theory (RHTT), a novel language and verification system capable of expressing and verifying rich information flow and access control policies via dependent types. We show that a number of security policies which have been formalized separately in the literature can all be expressed in RHTT using only standard type-theoretic constructions such as monads, higher-order functions, abstract types, abstract predicates, and modules. Example security policies include conditional declassification, information erasure, and state-dependent information flow and access control. RHTT can reason about such policies in the presence of dynamic memory allocation, deallocation, pointer aliasing and arithmetic. The system, theorems and examples have all been formalized in Coq.
引用
收藏
页码:165 / 179
页数:15
相关论文
共 50 条
  • [41] POSTER: Analyzing Access Control Policies with SMT
    Turkmen, Fatih
    den Hartog, Jerry
    Zannone, Nicola
    CCS'14: PROCEEDINGS OF THE 21ST ACM CONFERENCE ON COMPUTER AND COMMUNICATIONS SECURITY, 2014, : 1508 - 1510
  • [42] Detecting conflict of heterogeneous access control policies
    Yu, Mingjie
    Li, Fenghua
    Yu, Nenghai
    Wang, Xiao
    Guo, Yunchuan
    DIGITAL COMMUNICATIONS AND NETWORKS, 2022, 8 (05) : 664 - 679
  • [43] Towards Automatic Repair of Access Control Policies
    Xu, Dianxiang
    Peng, Shuai
    2016 14TH ANNUAL CONFERENCE ON PRIVACY, SECURITY AND TRUST (PST), 2016,
  • [44] Governance policies for privacy access control and their interactions
    Hassan, W
    Logrippo, L
    FEATURE INTERACTIONS IN TELECOMMUNICATIONS AND SOFTWARE SYSTEMS VIII, 2005, : 114 - 130
  • [45] Many-to-Many Information Flow Policies
    Baldan, Paolo
    Beggiato, Alessandro
    Lafuente, Alberto Lluch
    COORDINATION MODELS AND LANGUAGES, COORDINATION 2017, 2017, 10319 : 159 - 177
  • [46] Many-to-many information flow policies
    Baldan, Paolo
    Lafuente, Alberto Lluch
    SCIENCE OF COMPUTER PROGRAMMING, 2018, 168 : 118 - 141
  • [47] A Formal Verification of a Subset of Information-Based Access Control Based on Extended Weighted Pushdown System
    Lamilla Alvarez, Pablo
    Takata, Yoshiaki
    IEICE TRANSACTIONS ON INFORMATION AND SYSTEMS, 2014, E97D (05): : 1149 - 1159
  • [48] A Framework for the Cryptographic Enforcement of Information Flow Policies
    Alderman, James
    Crampton, Jason
    Farley, Naomi
    PROCEEDINGS OF THE 22ND ACM SYMPOSIUM ON ACCESS CONTROL MODELS AND TECHNOLOGIES (SACMAT'17), 2017, : 143 - 154
  • [49] Types for Access Control in a Calculus of Mobile Resources
    Huttel, Hans
    Kuehnrich, Morten
    ELECTRONIC NOTES IN THEORETICAL COMPUTER SCIENCE, 2007, 180 (01) : 3 - 15
  • [50] Enabling Verification and Conformance Testing for Access Control Model
    Hu, Hongxin
    Ahn, Gail-Joon
    SACMAT'08: PROCEEDINGS OF THE 13TH ACM SYMPOSIUM ON ACCESS CONTROL MODELS AND TECHNOLOGIES, 2008, : 195 - 204
12345