A type discipline for authorization in distributed systems

Proceedings - IEEE Computer Security Foundations Symposium

Volumn , Issue , 2007, Pages 31-45

  Fournet, Cédric ^a   Gordon, Andrew D ^a   Maffeis, Sergio ^b  

^a MICROSOFT RESEARCH   (United States)

^b IMPERIAL COLLEGE LONDON   (United Kingdom)

Author keywords

[No Author keywords available]

Indexed keywords

AUTHORIZATION DECISION; SECURITY CREDENTIALS;

DECISION THEORY; FORMAL LOGIC; PROBLEM SOLVING; SECURITY OF DATA;

DISTRIBUTED COMPUTER SYSTEMS;

EID: 35048817499     PISSN: 19401434     EISSN: None     Source Type: Conference Proceeding    
DOI: 10.1109/CSF.2007.7     Document Type: Conference Paper

References (49)

1. M. Abadi. Secrecy by typing in security protocols. Journal of the ACM, 46(5):749-786, Sept. 1999.
2. M. Abadi. Access control in a core calculus of dependency. In Computation, Meaning, and Logic: Articles dedicated to Gordon Plotkin, pages 5-31. Elsevier, 2007. Volume 172 of ENTCS.
3. M. Abadi, A. Banarjee, N. Heintz, and J. G. Riecke. A core calculus of dependency. In 26th ACM Symposium on Principles of Programming Languages (POPL'99), pages 147-160, 1999.
4. M. Abadi and B. Blanchet. Secrecy types for asymmetric communication. Theoretical Computer Science, 298(3):387-415, 2003.
5. M. Abadi and B. Blanchet. Analyzing security protocols with secrecy types and logic programs. Journal of the ACM, 52(1):102-146, 2005.
6. M. Abadi, M. Burrows, B. Lampson, and G. Plotkin. A calculus for access control in distributed systems. ACM Transactions on Programming Languages and Systems, 15(4):706-734, 1993.
7. A. W. Appel and E. W. Feiten. Proof-carrying authentication. In 6th ACM Conference on Computer and Communications Security, 1999.
8. J. Bacon, K. Moody, and W Yao. A model of OASIS role-based access control and its support for active security. ACM Transactions on Information and System Security, 5(4):492-540, 2002.
9. L. Bauer. Access Control for the Web via Proof-carrying Authorization. PhD thesis, Princeton University, 2003.
10. M. Y. Becker and P. Sewell. Cassandra: flexible trust management, applied to electronic health records. In 17th IEEE Computer Security Foundations Workshop (CSFW'04), pages 139-154, June 2004.
11. E. Bertino, B. Catania, E. Ferrari, and P. Perlasca. A logical framework for reasoning about access control models. In SACMAT '01: Proceedings of the sixth ACM symposium on Access control models and technologies, pages 41-52, New York, NY, USA, 2001. ACM Press.
12. K. Bhargavan, C. Fournet, and A. D. Gordon. Verifying policy-based security for web services. In 11th ACM Conference on Computer and Communications Security (CCS'04), pages 268-277, Oct. 2004.
13. K. Bhargavan, C. Fournet, and A. D. Gordon. Verified reference implementations of WS-Security protocols. In 3rd International Workshop on Web Services and Formal Methods (WS-FM 2006), volume 4184 of Lecture Notes in Computer Science, pages 88-106. Springer, 2006.
14. K. Bhargavan, C. Fournet, A. D. Gordon, and S. Tse. Verified interoperable implementations of security protocols. In 19th IEEE Computer Security Foundations Workshop (CSFW'06), pages 139-152, 2006.
15. B. Blanchet. An efficient cryptographic protocol verifier based on Prolog rules. In 14th IEEE Computer Security Foundations Workshop (CSFW'01), pages 82-96, 2001.
16. M. Blaze, J. Feigenbaum, and J. Lacy. Decentralized trust management. In IEEE 17th Symposium on Research in Security and Privacy, pages 164-173, 1996.
17. M. Bugliesi, R. Focardi, and M. Maffei. Authenticity by tagging and typing. In Formal Methods in Security Engineering (FMSE'04), pages 1-12, 2004.
18. T. Chothia, D. Duggan, and J. Vitek. Type-based distributed access control. In 16th IEEE Computer Security Foundations Workshop. IEEE Computer Society Press, 2003.
19. J. Crampton, G. Loizou, and G. O'Shea. A logic of access control. The Computer Journal, 44(2):137-149, 2001.
20. J. DeTreville. Binder, a logic-based security language. In IEEE Computer Society Symposium on Research in Security and Privacy, pages 105-113, 2002.
21. D. Dolev and A. Yao. On the security of public key protocols. IEEE Transactions on Information Theory, IT-29(2):198-208, 1983.
22. C. M. Ellison, B. Frantz, B. Lampson, R. Rivest, B. Thomas, and T. Ylonen. SPKI certificate theory, RFC 2693, 1999. See http://www.ietf.org/rfc/ rfc2693.txt.
23. C. Fournet, A. D. Gordon, and S. Maffeis. A type discipline for authorization policies. In 14th European Symposium on Programming (ESOP'05), volume 3444 of Lecture Notes in Computer Science, pages 141-156. Springer, 2005.
24. C. Fournet, A. D. Gordon, and S. Maffeis. A type discipline for authorization policies in distribued systems. Technical Report MSR-TR-2007-47, Microsoft Research, 2007.
25. D. Garg and F. Pfenning. Non-interference in constructive authorization logic. In 19th IEEE Computer Security Foundations Workshop (CSFW'06), pages 283-296, 2006.
26. D. Gifford and J. Lucassen. Integrating functional and imperative programming. In ACM Conference on Lisp and Functional Programming, pages 28-38, 1986.
27. A. D. Gordon and A. Jeffrey. Cryptyc: Cryptographic protocol type checker. At http://cryptyc.cs.depaul.edu/, 2002.
28. A. D. Gordon and A. Jeffrey. Typing one-to-one and one-to-many correspondences in security protocols. In Software Security-Theories and Systems, volume 2609 of Lecture Notes in Computer Science, pages 270-282. Springer, 2002.
29. A. D. Gordon and A. Jeffrey. Authenticity by typing for security protocols. Journal of Computer Security, 11(4):451-521, 2003.
30. A. D. Gordon and A. Jeffrey. Types and effects for asymmetric cryptographic protocols. Journal of Computer Security, 12(3/4):435-484, 2003.
31. A. D. Gordon and A. Jeffrey. Secrecy despite compromise: Types, cryptography, and the pi-calculus. In CONCUR 2005 - Concurrency Theory, volume 3653 of Lecture Notes in Computer Science, pages 186-201. Springer, 2005.
32. J. D. Guttman, F. J. Thayer, J. A. Carlson, J. C. Herzog, J. D. Ramsdell, and B. T. Sniffen. Trust management in strand spaces: a rely-guarantee method. In 13th European Symposium on Programming (ESOP'04), volume 2986 of Lecture Notes in Computer Science, pages 340-354. Springer, 2004.
33. T. Jim. SD3: A trust management system with certified evaluation. In Proceedings of the 2001 IEEE Symposium on Security and Privacy, pages 106-115, 2001.
34. N. Li, B. Grosof, and J. Feigenbaum. A practically implementable and tractable delegation logic. In IEEE Symposium on Security and Privacy, pages 27-42, 2000.
35. N. Li, J. C. Mitchell, and W. H. Winsborough. Design of a role-based trust management framework. In Proceedings of the 2002 IEEE Symposium on Security and Privacy, pages 114-130, 2002.
36. G. Lowe. Breaking and fixing the Needham-Schroeder public-key protocol using CSP and FDR. In Tools and Algorithms for the Construction and Analysis of Systems, volume 1055 of Lecture Notes in Computer Science, pages 147-166. Springer, 1996.
37. M. Maffei. Dynamic typing for security protocols. PhD thesis, Università Ca' Foscari Venezia, 2006.
38. R. Milner. Communicating and Mobile Systems: the π-Calculus. Cambridge University Press, 1999.
39. A. C. Myers and B. Liskov. Protecting privacy using the decentralized label model. ACM Transactions on Software Engineering and Methodology, 9(4):410-442, 2000.
40. R. Needham and M. Schroeder. Using encryption for authentication in large networks of computers. Commun. ACM, 21(12):993-999, 1978.
41. L. Paulson. The inductive approach to verifying cryptographic protocols. Journal of Computer Security, 6:85-128, 1998.
42. R. L. Rivest and B. Lampson. SDSI - A simple distributed security infrastructure, 1996. See http://theory.lcs.mit.edu/~rivest/sdsi10.ps.
43. A. Sabelfeld and A. C. Myers. Language-based information-flow security. IEEE Journal on Selected Areas in Communications, 21 (1):5-19, 2003.
44. A. Sabelfeld and D. Sands. Dimensions and principles of declassification. In 18th IEEE Computer Security Foundations Workshop. IEEE Computer Society Press, 2005.
45. P. Samarati and S. de Capitani di Vimercati. Access control: Policies, models, and mechanisms. In FOSAD 2000, volume 2171 of Lecture Notes in Computer Science, pages 137-196. Springer, 2001.
46. D. Sangiorgi and D. Walker. The π-calculus: a Theory of Mobile Processes. CUP, 2001.
47. T. Wobber, M. Abadi, M. Burrows, and B. Lampson. Authentication in the Taos operating system. ACM Transactions on Computer Systems, 12(1):3-32, 1994.
48. T. Woo and S. Lam. A semantic model for authentication protocols. In IEEE Computer Society Symposium on Research in Security and Privacy, pages 178-194, 1993.
49. S. Zdancevic, L. Zheng, N. Nystrom, and A. C. Myers. Secure program partitioning. Transactions on Computer Systems, 20(3):283-328, 2002.