History-sensitive versus future-sensitive approaches to security in distributed systems

We consider the use of aspect-oriented techniques as a flexible way to deal with security policies in distributed systems. Recent work suggests using aspects to analyse the future behaviour of programs and to make access control decisions based on this analysis; this gives the flavour of dealing with information flow rather than mere access control. We show in this paper that it is beneficial to augment this approach with history-based components, as is traditional in reference-monitor-based approaches to mandatory access control. Our developments are performed in an aspect-oriented coordination language, aiming to describe the Bell-LaPadula policy as elegantly as possible. Furthermore, the resulting language can combine both history- and future-sensitive policies, providing even more flexibility and power.
