A type discipline for authorization policies

Distributed systems and applications are often expected to enforce high-level authorization policies. To this end, the code for these systems relies on lower-level security mechanisms such as digital signatures, local ACLs, and encrypted communications. In principle, authorization specifications can be separated from code and carefully audited; logic programs in particular can express policies in a simple, abstract manner. We consider the problem of checking whether a distributed implementation based on communication channels and cryptography complies with such a logical authorization policy. We formalize authorization policies and their connection to code by embedding logical predicates and claims within a process calculus: trusted participants assume facts, and code asserts claims at the points where it grants access. We formulate policy compliance operationally by composing a process model of the distributed system with an arbitrary opponent process; the implementation complies if every claim it asserts is entailed by the policy and the assumed facts, whatever the opponent does. Moreover, we propose a dependent type system for verifying policy compliance of implementation code statically. Using Datalog as an authorization logic, we show how to type several examples using policies and present a general schema for compiling policies.
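The operational notion of compliance described above, as an added illustration that is not code from the paper: a small bottom-up Datalog evaluator holds the policy, trusted participants contribute facts ("assume"), and the code's claims ("expect") are accepted only when they are derivable. Messages from the network, including an opponent's, never become facts, so a request that is not backed by assumed facts is denied. The predicate names (Owner, Delegates, CanRead), the transitive-delegation rule and the sample facts are all constructed for this example; the paper checks such claims statically by typing, whereas this block checks them at run time.

```python
"""Datalog-style authorization policy check (added example, not the paper's code).

Conventions (assumed for this example): an atom is (predicate, args); an
argument starting with an upper-case letter ("U", "F") is a Datalog variable,
anything else is a constant.
"""


def is_var(term):
    return isinstance(term, str) and term[:1].isupper()


def unify(atom, fact, subst):
    """Extend substitution `subst` so that `atom` matches ground `fact`, or return None."""
    pred, args = atom
    fpred, fargs = fact
    if pred != fpred or len(args) != len(fargs):
        return None
    s = dict(subst)
    for a, f in zip(args, fargs):
        if is_var(a):
            if a in s and s[a] != f:
                return None
            s[a] = f
        elif a != f:
            return None
    return s


def matches(body, known, subst):
    """Yield every substitution that makes all body atoms ground facts in `known`."""
    if not body:
        yield subst
        return
    first, rest = body[0], body[1:]
    for fact in known:
        s = unify(first, fact, subst)
        if s is not None:
            yield from matches(rest, known, s)


def derive(facts, rules):
    """Naive fixpoint: apply every rule until no new fact is produced.

    Recursion in the policy (transitive delegation below) is why a fixpoint,
    rather than a single pass, is needed."""
    known = set(facts)
    while True:
        new = set()
        for head, body in rules:
            for s in matches(body, known, {}):
                new.add((head[0], tuple(s.get(a, a) for a in head[1])))
        if new <= known:
            return known
        known |= new


# Constructed policy: owners may read; delegation grants read; delegation is transitive.
POLICY = [
    (("CanRead", ("U", "F")), [("Owner", ("U", "F"))]),
    (("CanRead", ("U", "F")), [("Owner", ("O", "F")), ("Delegates", ("O", "U", "F"))]),
    (("Delegates", ("O", "U", "F")), [("Delegates", ("O", "V", "F")), ("Delegates", ("V", "U", "F"))]),
]

# Constructed facts, as assumed by trusted participants (alice and bob), not by the network.
ASSUMED = {
    ("Owner", ("alice", "doc1")),
    ("Delegates", ("alice", "bob", "doc1")),
    ("Delegates", ("bob", "carol", "doc1")),
    ("Owner", ("dave", "doc2")),
}


def claim_justified(assumed, claim, policy=POLICY):
    """The 'expect' check: a claim is justified iff derivable from assumed facts."""
    return claim in derive(assumed, policy)


def handle_read_request(assumed, requester, file_name):
    """Server-side code: the request comes from the network (possibly an opponent),
    so nothing in it is trusted; only the assumed facts decide the claim."""
    claim = ("CanRead", (requester, file_name))
    return "allow" if claim_justified(assumed, claim) else "deny"


if __name__ == "__main__":
    for who, f in [("alice", "doc1"), ("carol", "doc1"), ("dave", "doc1"), ("carol", "doc2")]:
        print(who, f, handle_read_request(ASSUMED, who, f))
```

The opponent in this model can send any request it likes, including one naming alice as the requester, but cannot extend `ASSUMED`; in the paper's setting that separation is what the signatures and channel types enforce, and the type system discharges the `claim_justified` check at compile time instead of evaluating it on every request.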

Published as: Andrew D. Gordon et al., A Type Discipline for Authorization Policies, ESOP 2005.