Do as i SaY! Programmatic access control with explicit identities

Proceedings - IEEE Computer Security Foundations Symposium

Volumn , Issue , 2007, Pages 16-30

  Cirillo, Andrew ^a   Jagadeesan, Radha ^a   Pitcher, Corin ^a   Riely, James ^a  

^a DEPAUL UNIVERSITY   (United States)

Author keywords

[No Author keywords available]

Indexed keywords

ACCESS CONTROL MODEL; PROGRAMMATIC REALIZATION;

ABSTRACTING; DATA REDUCTION; DATA STRUCTURES; DISTRIBUTED COMPUTER SYSTEMS; MODEL CHECKING;

ACCESS CONTROL;

EID: 35048840249     PISSN: 19401434     EISSN: None     Source Type: Conference Proceeding    
DOI: 10.1109/CSF.2007.19     Document Type: Conference Paper

References (45)

1. R. Aarts and P. Madsen. Liberty ID-WSF interaction service specification, http://www.projectliberty.org/, 2006.
2. M. Abadi. Access control in a core calculus of dependency. In ICFP, pages 263-273. ACM, 2006.
3. M. Abadi, M. Burrows, B. W. Lampson, and G. D. Plotkin. A calculus for access control in distributed systems. ACM Trans. Program. Lang. Syst., 15(4):706-734, 1993.
4. M. Abadi and C. Fournet. Access control based on execution history. In Proc. Network and Distributed System Security Symp., 2003.
5. M. Abadi, C. Fournet, and G. Gonthier. Authentication primitives and their compilation. In POPL, pages 302-315, 2000.
6. M. Abadi and L. Lamport. Conjoining specifications. ACM Trans. Program. Lang. Syst., 17(3):507-535, 1995.
7. R. M. Amadio and C. Meyssonnier. On decidability of the control reachability problem in the asynchronous π-calculus. Nord. J. Comput., 9(1):70-101, 2002.
8. R. M. Amadio and S. Prasad. Localities and failures (extended abstract). In FSTTCS, volume 880 of LNCS, pages 205-216. Springer, 1994.
9. M. Y. Becker, A. D. Gordon, and C. Fournet. SecPAL: Design and semantics of a decentralized authorization language. Technical Report MSR-TR-2006-120, Microsoft Research, 2006.
10. E. Bertino, P. A. Bonatti, and E. Ferrari. TRBAC: A temporal role-based access control model. ACM Trans. Inf. Syst. Secur., 4(3):191-233, 2001.
11. L. Bettini, V. Bono, R. D. Nicola, G. L. Ferrari, D. Gorla, M. Loreti, E. Moggi, R. Pugliese, E. Tuosto, and B. Venneri. The Klaim project: Theory and practice. In Global Computing, volume 2874 of LNCS, pages 88-150. Springer, 2003.
12. B. Blanchet. Automatic verification of cryptographic protocols: a logic programming approach. In PPDP, pages 1-3. ACM, 2003.
13. M. Blaze, J. Feigenbaum, and J. Lacy. Decentralized trust management. In IEEE Symposium on Security and Privacy, pages 164-173, 1996.
14. P. Bonatti, S. D. C. di Vimercati, and P. Samarati. An algebra for composing access control policies. ACM Trans. Inf. Syst. Secur., 5(1):1-35, 2002.
15. C. Braghin, D. Gorla, and V. Sassone. A distributed calculus for role-based access control. In CSFW, pages 48-60, 2004.
16. M. Bugliesi, G. Castagna, and S. Crafa. Access control for mobile agents: The calculus of boxed ambients. ACM Trans. Program. Lang. Syst., 26(1):57-124, 2004.
17. I. Castellani. Process algebras with localities. In Handbook of Process Algebra, chapter 15, pages 945-1045. North-Holland, 2001.
18. A. Chander, D. Dean, and J. C. Mitchell. Reconstructing trust management. Journal of Computer Security, 12(1):131-164, 2004.
19. A. Compagnoni, P. Garralda, and E. Gunter. Role-based access control in a mobile environment. In Symposium on Trustworthy Global Computing, 2005.
20. J. DeTreville. Binder, a logic-based security language. In IEEE Symposium on Security and Privacy, pages 105-113, 2002.
21. G. L. Ferrari, U. Montanari, and E. Tuosto. Model checking for nominal calculi. In FoSSaCS, volume 3441 of LNCS, pages 1-24. Springer, 2005.
22. C. Fournet, A. D. Gordon, and S. Maffeis. A type discipline for authorization policies. In ESOP, volume 3444 of LNCS, pages 141-156. Springer, 2005.
23. D. Garg, L. Bauer, K. D. Bowers, F. Pfenning, and M. K. Reiter. A linear logic of authorization and knowledge. In ESORICS, pages 297-312, 2006.
24. D. Garg and F. Pfenning. Non-interference in constructive authorization logic. 19th IEEE Computer Security Foundations Workshop (CSFW'06), 0:283-296, 2006.
25. D. P. Guelev, M. Ryan, and P.-Y. Schobbens. Model-checking access control policies. In ISC, volume 3225 of LNCS, pages 219-230. Springer, 2004.
26. J. D. Guttman, A. L. Herzog, J. D. Ramsdell, and C. W. Skorupka. Verifying information flow goals in Security-Enhanced Linux. Journal of Computer Security, 13(1):115-134, 2005.
27. J. Y. Halpern and V Weissman. Using first-order logic to reason about policies. In CSFW '03: Proceedings of the 17th IEEE Computer Security Foundations Workshop (CSFW'03), pages 118-130, 2003.
28. M. Hennessy and J. Riely. Resource access control in systems of mobile agents. Information and Computation, 173:82-120, 2002.
29. S. Hinrichs and P. Naldurg. Attack-based domain transition analysis. In Proceedings of the 2006 Security-Enhanced Linux Symposium, 2006. http://selinux-symposium.org/2006/agenda.php.
30. B. Lampson, M. Abadi, M. Burrows, and E. Wobber. Authentication in distributed systems: theory and practice. ACM Trans. Comput. Syst., 10(4):265-310, 1992.
31. B. W. Lampson. Protection. SIGOPS Oper. Syst. Rev., 8(1):18-24, 1974.
32. S. Landau. Liberty ID-WSF security and privacy overview. http://www.projectliberty.org/, 2006.
33. N. Li, B. N. Grosof, and J. Feigenbaum. Delegation logic: A logic-based approach to distributed authorization. ACM Trans. Inf. Syst. Secur., 6(1):128-171, 2003.
34. N. Li, J. C. Mitchell, and W. H. Winsborough. Design of a role-based trust-management framework. In IEEE Symposium on Security and Privacy, page 114, 2002.
35. Z. Manna and A. Pnueli. The temporal logic of reactive and concurrent systems. Springer-Verlag New York, Inc., New York, NY, USA, 1992.
36. C. Pitcher and J. Riely. Dynamic policy discovery with remote attestation. In FoSSaCS, volume 3921 of LNCS, pages 111-125. Springer, 2006.
37. J. Riely and M. Hennessy. Trust and partial typing in open systems of mobile agents. Journal of Automated Reasoning, 31(3-4):335-370, 2003.
38. M. B. Smyth. Power domains. J. Comput. Syst. Sci., 16(1):23-36, 1978.
39. S. Tse and S. Zdancewic. Translating dependency into parametricity. In ICFP, pages 115-125. ACM, 2004.
40. D. Wijesekera and S. Jajodia. Policy algebras for access control - the predicate case. In Computer and Communications Security, pages 171-180. ACM Press, 2002.
41. D. Wijesekera and S. Jajodia. A propositional policy algebra for access control. ACM Trans. Inf. Syst. Secur., 6(2):286-325, 2003.
42. E. Wobber, M. Abadi, M. Burrows, and B. Lampson. Authentication in the Taos operating system. ACM Trans. Comput. Syst., 12(1):3-32, 1994.
43. T. Y. Woo and S. S. Lam. A semantic model for authentication protocols. In IEEE Symposium on Research in Security and Privacy, 1993.
44. N. Zhang, M. Ryan, and D. P. Guelev. Evaluating access control policies through model checking. In ISC, volume 3650 of LNCS, pages 446-460. Springer, 2005.
45. X. Zhang, J. Park, F. Parisi-Presicce, and R. Sandhu. A logical specification for usage control. In SACMAT '04: Proceedings of the Ninth ACM Symposium on Access Control Models And Technologies, pages 1-10. ACM Press, 2004.