Foundations of access control for secure storage

Formal techniques have played a significant role in the study of secure communication in recent years. Specifically, there has been much research in developing process calculi, type systems, logics, and other foundations for the rigorous design and analysis of secure communication protocols. In comparison, the study of secure storage has received far less formal attention. Yet, over the years storage has assumed a pervasive role in modern computing. Now storage is a fundamental part of most networked computer systems that we rely on—and understanding secure storage is as important as understanding secure communication. One might wonder whether the foundations of secure communication already provide those of secure storage—after all, storage is a form of communication. Certainly it would be nice if techniques developed for the study of secure communication can also be applied to study secure storage. We propose to make these connections explicit. On the other hand, some distinctive features of storage pose problems for security that seem to go beyond those explored in the context of communication protocols. Perhaps the most striking of these features is access control. Indeed, storage systems typically feature access control on store operations, for various reasons that are informally linked with security. We see an intriguing and challenging research opportunity in understanding the foundations of access control for security in such systems. Therefore we propose a thorough investigation of formal techniques for the purposes of specifying, implementing, verifying, and exploiting access control in storage systems. We envisage two complementary lines of work: one that focuses on correctness proofs for various implementations of access control, and another that assumes correct “black-box” access control in proofs of end-to-end security properties. More specifically, we are interested in articulating and justifying precise security properties of several complex cryptographic access controls that appear in a variety of distributed storage designs. We are also interested in proof techniques that combine access control with static analysis for more concrete guarantees like secrecy and integrity. We report some preliminary work along these lines and outline related ongoing work. We also discuss work that remains to be done within the scope of this thesis—including work on consolidating and organizing the state of the art—and sketch a tentative plan of action that roughly spans the next two years. Finally, we summarize what we expect to be the main contributions of this thesis, and speculate on its likely impact on system security.

[1]  Martín Abadi,et al.  Authentication primitives and their compilation , 2000, POPL '00.

[2]  Martín Abadi,et al.  Secrecy Types for Asymmetric Communication , 2001, FoSSaCS.

[3]  Martín Abadi,et al.  The Existence of Refinement Mappings , 1988, LICS.

[4]  Susan S. Owicki,et al.  Network objects , 1995 .

[5]  Martín Abadi,et al.  Secrecy by typing and file-access control , 2006, 19th IEEE Computer Security Foundations Workshop (CSFW'06).

[6]  Dennis Shasha,et al.  Building secure file systems out of byzantine storage , 2002, PODC '02.

[7]  Martín Abadi,et al.  An Imperative Object Calculus , 1995, TAPSOFT.

[8]  Kevin W. Hamlen,et al.  Certified In-lined Reference Monitoring on .NET , 2006, PLAS '06.

[9]  Andrew C. Myers,et al.  Enforcing robust declassification , 2004, Proceedings. 17th IEEE Computer Security Foundations Workshop, 2004..

[10]  Yiming Hu,et al.  SNARE: a strong security scheme for network-attached storage , 2003, 22nd International Symposium on Reliable Distributed Systems, 2003. Proceedings..

[11]  Scott F. Smith,et al.  A Systematic Approach to Static Access Control , 2001, ESOP.

[12]  Julian Rathke,et al.  Towards a behavioural theory of access and mobility control in distributed systems , 2004, Theor. Comput. Sci..

[13]  Kevin Fu,et al.  Integrity and access control in untrusted content distribution networks , 2005 .

[14]  Simon S. Lam,et al.  A lesson on authentication protocol design , 1994, OPSR.

[15]  J. Meseguer,et al.  Security Policies and Security Models , 1982, 1982 IEEE Symposium on Security and Privacy.

[16]  Mark Ryan,et al.  Analysis of an Electronic Voting Protocol in the Applied Pi Calculus , 2005, ESOP.

[17]  Martín Abadi,et al.  Object Types against Races , 1999, CONCUR.

[18]  Garth A. Gibson,et al.  Security for a high performance commodity storage subsystem , 1999 .

[19]  Fred B. Schneider,et al.  Enforceable security policies , 2000, Foundations of Intrusion Tolerant Systems, 2003 [Organically Assured and Survivable Information Systems].

[20]  Jan Vitek,et al.  Type-based distributed access control , 2003, 16th IEEE Computer Security Foundations Workshop, 2003. Proceedings..

[21]  K. J. Bma Integrity considerations for secure computer systems , 1977 .

[22]  James Riely,et al.  Resource Access Control in Systems of Mobile Agents , 2002, HLCL.

[23]  V. Sassone,et al.  A distributed calculus for role-based access control , 2004, Proceedings. 17th IEEE Computer Security Foundations Workshop, 2004..

[24]  Martín Abadi,et al.  A logic of authentication , 1990, TOCS.

[25]  Andrew D. Gordon,et al.  Secrecy Despite Compromise: Types, Cryptography, and the Pi-Calculus , 2005, CONCUR.

[26]  Rocco De Nicola,et al.  Testing Equivalences for Processes , 1984, Theor. Comput. Sci..

[27]  Kenneth Knowles,et al.  Hybrid type checking , 2010, TOPL.

[28]  Sriram K. Rajamani,et al.  NETRA:: seeing through access control , 2006, FMSE '06.

[29]  Robin Milner,et al.  Fully Abstract Models of Typed lambda-Calculi , 1977, Theor. Comput. Sci..

[30]  Qian Wang,et al.  Plutus: Scalable Secure File Sharing on Untrusted Storage , 2003, FAST.

[31]  Rocco De Nicola,et al.  KLAIM: A Kernel Language for Agents Interaction and Mobility , 1998, IEEE Trans. Software Eng..

[32]  Michael Backes,et al.  Lazy revocation in cryptographic file systems , 2005, Third IEEE International Security in Storage Workshop (SISW'05).

[33]  David B. MacQueen,et al.  The Definition of Standard ML (Revised) , 1997 .

[34]  Vasco Thudichum Vasconcelos,et al.  Typed Concurrent Objects , 1994, ECOOP.

[35]  Andrew D. Gordon,et al.  A Concurrent Object Calculus: Reduction and Typing , 1998, HLCL.

[36]  Thierry Coquand,et al.  Pattern Matching with Dependent Types , 1992 .

[37]  Andrew D. Gordon,et al.  A Type Discipline for Authorization Policies , 2005, ESOP.

[38]  Darrell D. E. Long,et al.  Strong Security for Network-Attached Storage , 2002, FAST.

[39]  Michele Bugliesi,et al.  Type Based Discretionary Access Control , 2004, CONCUR.

[40]  Martín Abadi,et al.  Mobile values, new names, and secure communication , 2001, POPL '01.

[41]  Michael Backes,et al.  Secure Key-Updating for Lazy Revocation , 2006, ESORICS.

[42]  Avik Chaudhuri Dynamic Access Control in a Concurrent Object Calculus , 2006, CONCUR.

[43]  Andrew D. Gordon,et al.  Ðð Blockinøöóòò Aeóøø× Ò Ìììóööøø Blockin Blockinð Óñôùøøö Ë Blockin , 2007 .

[44]  Davide Sangiorgi,et al.  Imperative objects as mobile processes , 2002, Sci. Comput. Program..

[45]  M. Abadi,et al.  Formal Analysis of Dynamic, Distributed File-System Access Controls , 2006, FORTE.

[46]  Randal C. Burns,et al.  Authenticating Network-Attached Storage , 2000, IEEE Micro.

[47]  Martín Abadi,et al.  Formal security analysis of basic network-attached storage , 2005, FMSE '05.

[48]  Martín Abadi,et al.  Secure implementation of channel abstractions , 1998, Proceedings. Thirteenth Annual IEEE Symposium on Logic in Computer Science (Cat. No.98CB36226).

[49]  David A. Bell,et al.  Secure computer systems: mathematical foundations and model , 1973 .

[50]  James Riely,et al.  Information Flow vs. Resource Access in the Asynchronous Pi-Calculus , 2000, ICALP.

[51]  Michele Bugliesi,et al.  Access control for mobile agents: The calculus of boxed ambients , 2004, TOPL.

[52]  Peng Li,et al.  Downgrading policies and relaxed noninterference , 2005, POPL '05.

[53]  Dominic Duggan,et al.  Dynamic typing for distributed programming in polymorphic languages , 1999, TOPL.

[54]  Anindya Banerjee,et al.  Using access control for secure information flow in a Java-like language , 2003, 16th IEEE Computer Security Foundations Workshop, 2003. Proceedings..

[55]  Kathleen Fisher,et al.  A Calculus for Concurrent Objects , 1996, CONCUR.

[56]  Andrew W. Leung,et al.  Scalable security for large, high performance storage systems , 2006, StorageSS '06.

[57]  Kevin Fu,et al.  Key Regression: Enabling Efficient Key Distribution for Secure Distributed Storage , 2006, NDSS.

[58]  Alon Y. Halevy,et al.  Static analysis in datalog extensions , 2001, JACM.

[59]  Dominic Duggan Type-based hot swapping of running modules (extended abstract) , 2001, ICFP '01.

[60]  Rocco De Nicola,et al.  Types for access control , 2000, Theor. Comput. Sci..

[61]  Ethan L. Miller,et al.  Secure capabilities for a petabyte-scale object-based distributed file system , 2005, StorageSS '05.

[62]  Martín Abadi,et al.  A calculus for cryptographic protocols: the spi calculus , 1997, CCS '97.

[63]  Martín Abadi,et al.  Protection in Programming-Language Translations , 1998, ICALP.

[64]  S. Stoller,et al.  Policy Analysis for Security-Enhanced Linux ∗ , 2003 .

[65]  Dan Suciu,et al.  Controlling Access to Published Data Using Cryptography , 2003, VLDB.

[66]  Bruno Blanchet,et al.  An efficient cryptographic protocol verifier based on prolog rules , 2001, Proceedings. 14th IEEE Computer Security Foundations Workshop, 2001..

[67]  Z. D. Kirli Confined mobile functions , 2001, Proceedings. 14th IEEE Computer Security Foundations Workshop, 2001..

[68]  Alan Jeffrey,et al.  Timed Spi-Calculus with Types for Secrecy and Authenticity , 2005, CONCUR.

[69]  Daniele Gorla,et al.  Resource Access and Mobility Control with Dynamic Privileges Acquisition , 2003, ICALP.

[70]  Carolyn L. Talcott,et al.  A Control-Flow Analysis for a Calculus of Concurrent Objects , 2000, IEEE Trans. Software Eng..

[71]  Garth A. Gibson,et al.  A Case for Network-Attached Secure Disks, , 1996 .

[72]  Martín Abadi,et al.  Just fast keying in the pi calculus , 2004, TSEC.

[73]  Kathi Fisler,et al.  Specifying and Reasoning About Dynamic Access-Control Policies , 2006, IJCAR.

[74]  David D. Redell,et al.  NAMING AND PROTECTION IN EXTENDABLE OPERATING SYSTEMS , 1974 .

[75]  Andrew C. Myers,et al.  Dynamic Security Labels and Noninterference , 2004 .

[76]  Martín Abadi,et al.  Reconciling Two Views of Cryptography (The Computational Soundness of Formal Encryption)* , 2001, Journal of Cryptology.

[77]  Luca Cardelli,et al.  Secrecy and group creation , 2005, Inf. Comput..