HBAC: A model for history-based access control and its model checking

Lecture Notes in Computer Science (including subseries Lecture Notes in Artificial Intelligence and Lecture Notes in Bioinformatics)

Volumn 4189 LNCS, Issue , 2006, Pages 263-278

  Wang, Jing ^a   Takata, Yoshiaki ^a   Seki, Hiroyuki ^a  

^a NARA INSTITUTE OF SCIENCE AND TECHNOLOGY   (Japan)

Author keywords

[No Author keywords available]

Indexed keywords

DATA STRUCTURES; DYNAMIC PROGRAMMING; JAVA PROGRAMMING LANGUAGE; MATHEMATICAL MODELS; PROBLEM SOLVING; SECURITY SYSTEMS; VIRTUAL REALITY;

ACCESS CONTROL; MODEL CHECKING; SECURITY ASSURANCE; STACK INSPECTION;

PROCESS CONTROL;

EID: 33750274822     PISSN: 03029743     EISSN: 16113349     Source Type: Book Series    
DOI: 10.1007/11863908_17     Document Type: Conference Paper

References (23)

1. M. Abadi and C. Fournet, "Access control based on execution history," Network & Distributed System Security Symp., pp.107-121, 2003.
2. A. Banerjee and D. A. Naumann, "History-based access control and secure information flow," CASSIS04, LNCS 3362, pp.27-48, 2004.
3. M. Bartoletti, P. Degano, and G. L. Ferrari, "History-based access control with local policies," 8th FOSSACS, LNCS 3441, pp.316-332, 2005.
4. M. Bartoletti, P. Degano, and G. L. Ferrari, "Enforcing secure service composition," IEEE 18th CSFW, pp.211-223, 2005.
5. D. F. C. Brewer and M. J. Nash, "The Chinese wall security policy," IEEE Security & Privacy, pp.206-214, 1989.
6. R. S. Cohen and A. Y. Gold, "Theory of ω-languages. I: Characterizations of ωcontext-free languages," J. of Computer & System Science, 15, pp. 169-184, 1977.
7. A. K. Chandra, D. C. Kozen, and L. J. Stockmeyer, "Alternation, " J. of the ACM, 28, pp.114-133, 1981.
8. E. M. Clarke, Jr., O. Grumberg, and D. Peled, Model Checking, MIT Press, 2000.
9. T. H. Cormen, C. E. Leiserson, R. L. Rivest, and C. Stein, Introduction to algorithms, MIT Press, 2003.
10. J. Esparza, D. Hansel, P. Rossmanith, and S. Schwoon, "Efficient algorithms for model-checking pushdown systems," CAV2000, LNCS 1855, pp.232-247, 2000.
11. U. Erlingsson and F. B. Schneider, "IRM enforcement of Java stack inspection," IEEE Security & Privacy, pp.246-255, 2000.
12. J. Esparza, A. Kučera, and S. Schwoon, "Model-checking LTL with regular variations for pushdown systems," TACS01, LNCS 2215, pp.316-339, 2001.
13. J. Esparza and S. Schwoon, "A BDD-based model checker for recursive programs," CAV2001, LNCS 2102, pp.324-336, 2001.
14. P. W. Fong, "Access control by tracking shallow execution history," IEEE Security & Privacy, pp.43-55, 2004.
15. L. Gong, M. Mueller, H. Prafullchandra, and R. Schemers, "Going beyond the sandbox: An overview of the new security architecture in the Java™ development kit 1.2," USENIX Symp. on Internet Technologies and Systems, pp.103-112, 1997.
16. K. W. Hamlen, G. Morrisett, and F. B. Schneider, "Certified in-lined reference monitoring on .NET," Cornell University Computing and Information Science Technical Report, TR2005-2003, 2005.
17. J. E. Hopcroft, R. Motwani, and J. D. Ullman, Introduction to automata theory, languages, and computation, Addison Wesley, 2001.
18. T. Jensen, D. Le Métayer, and T. Thorn, "Verification of control flow based security properties," IEEE Security & Privacy, pp.89-103, 1999.
19. S. Kuninobu, Y. Takata, D. Taguchi, M. Nakae, and H. Seki, "A specification language for distributed policy control," 4th ICICS, LNCS 2513, pp.386-398, 2002.
20. N. Nitta, Y. Takata, and H. Seki, "An efficient security verification method for programs with stack inspection," 8th ACM Computer & Communications Security, pp.68-77, 2001.
21. A. Schaad, J. Moffett, and J. Jacob, "The role-based access control system of a European bank: a case study and discussion," 6th ACM Symp. on Access Control Models and Technologies, pp.3-9, 2001.
22. F. B. Schneider, "Enforceable security policies," ACM Trans. on Information & System Security, 3(1), pp.30-50, 2000.
23. D. Volpano and G. Smith, "A type-based approach to program security," TAPSOFT'97, LNCS 1214, pp.607-621, 1997.