Formal Analysis of Dynamic, Distributed File-System Access Controls

We model networked storage systems with distributed, cryptographically enforced file-access control in an applied pi calculus. The calculus contains cryptographic primitives and supports file-system constructs, including access revocation. We establish that the networked storage systems implement simpler, centralized storage specifications with local access-control checks. More specifically, we prove that the former systems preserve safety properties of the latter systems. Focusing on security, we then derive strong secrecy and integrity guarantees for the networked storage systems.
