History-Based Access Control with Local Policies

An extension of the λ-calculus is proposed to study history-based access control. It allows for security policies with a possibly nested, local scope. We define a type and effect system that, given a program, extracts a history expression, i.e. a correct approximation to the set of histories obtainable at run-time. Validity of history expressions is non-regular, because the scope of policies can be nested. Nevertheless, a transformation of history expressions is presented that makes verification possible through standard model checking techniques. A program will never fail at run-time if its history expression, extracted at compile-time, is valid.
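As an added illustration (not code from the paper), the following Python model sketches the idea behind the abstract: a history expression denotes a set of event traces, a policy's scope is local, and every event is judged against the whole history observed so far. The tagged-tuple encoding, the event names and the `no_leak` policy are assumptions of this example, and the recursive constructs of real history expressions are omitted.

```python
"""Toy model of history-based access control with nested, locally scoped
policies. Constructed for illustration: event names, policy encoding and the
history-expression encoding below are assumptions, not the paper's definitions."""

# History expressions as tagged tuples (finite fragment, no recursion):
#   ("ev", a)          a single access event
#   ("seq", H1, H2)    sequential composition
#   ("choice", H1, H2) non-deterministic branching
#   ("frame", phi, H)  policy phi enforced only inside H (local scope, may nest)
def histories(h) -> set:
    """Set of traces denoted by h. Scope boundaries stay in the trace as
    ('[', phi) / (']', phi) markers so the right policies are active later."""
    tag = h[0]
    if tag == "ev":
        return {(h[1],)}
    if tag == "seq":
        return {a + b for a in histories(h[1]) for b in histories(h[2])}
    if tag == "choice":
        return histories(h[1]) | histories(h[2])
    return {(("[", h[1]),) + t + (("]", h[1]),) for t in histories(h[2])}

def trace_valid(trace) -> bool:
    """An event is allowed iff every policy whose scope encloses it holds on the
    whole history so far, including events from before the scope was entered."""
    active, past = [], []                      # open scopes (a stack) and history
    for item in trace:
        if isinstance(item, tuple):            # scope marker
            if item[0] == "[":
                active.append(item[1])
            else:
                active.remove(item[1])
        else:
            past.append(item)
            if not all(phi(tuple(past)) for phi in active):
                return False
    return True

def expression_valid(h) -> bool:
    """Static check: if this holds, no run-time trace of the program violates a policy."""
    return all(trace_valid(t) for t in histories(h))

# Constructed policy: no network send once a secret has been read.
def no_leak(past):
    return not (past[-1] == "send" and "read_secret" in past[:-1])

# read_secret ; phi[ send ]  -- invalid: the scope is local, but phi sees the earlier read.
LEAK = ("seq", ("ev", "read_secret"), ("frame", no_leak, ("ev", "send")))
# phi[ read_secret ] ; send  -- valid: the send happens after the scope closes.
SAFE = ("seq", ("frame", no_leak, ("ev", "read_secret")), ("ev", "send"))
```

The stack of open scopes in `trace_valid` is the nesting that the abstract says makes validity non-regular; the paper's contribution is a transformation that removes the need for such a stack so that ordinary model checking applies.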
