Language-based access control approach for component-based software applications

Security in component-based software applications is studied by looking at information leakage from one component to another through operation calls. Components and confidentiality specifications are modelled as regular languages. A systematic method is then provided to synthesise an access control mechanism that not only guarantees that all specifications are obeyed, but also allows each user to attain maximally permissive behaviour.
