Paralocks: Role-based information flow control and beyond

Conference Record of the Annual ACM Symposium on Principles of Programming Languages

Volumn , Issue , 2010, Pages 431-444

  Broberg, Niklas ^a   Sands, David ^b  

^a UNIVERSITY OF GOTHENBURG   (Sweden)

^b CHALMERS UNIVERSITY OF TECHNOLOGY   (Sweden)

Author keywords

Information flow; Language based security; Security policies

Indexed keywords

DISCRETIONARY ACCESS CONTROL; EXPRESSIVE POWER; INFORMATION FLOW CONTROL; INFORMATION FLOW POLICIES; INFORMATION FLOW SECURITY; INFORMATION FLOWS; LANGUAGE-BASED SECURITY; POLICY LANGUAGE; POLICY SPECIFICATION; PROGRAMMING LANGUAGE; ROLE-BASED; ROLE-BASED ACCESS CONTROL; RUNTIMES; SECURITY POLICY; STATIC TYPE SYSTEMS;

COMPUTER SOFTWARE; LAGRANGE MULTIPLIERS; LINGUISTICS; QUERY LANGUAGES; SECURITY SYSTEMS; SEMANTICS;

ACCESS CONTROL;

EID: 77950913806     PISSN: 07308566     EISSN: None     Source Type: Conference Proceeding    
DOI: 10.1145/1706299.1706349     Document Type: Conference Paper

References (35)

1. [AHSS08] A. Askarov, S. Hunt, A. Sabelfeld, and D. Sands. Termination insensitive noninterference leaks more than just a bit. In Proc. European Symp. on Research in Computer Security, 2008.
2. [AS07] A. Askarov and A. Sabelfeld. Gradual release: Unifying declassification, encryption and key release policies. In Proc. IEEE Symp. on Security and Privacy, pages 207-221, May 2007.
3. [BEM03] A. Belokosztolszki, DMEyers, and K.Moody. Policy contexts: Controlling information flow in parameterised RBAC. In IEEE 4th International Workshop on Policies for Distributed Systems and Networks, 2003. Proceedings. POLICY 2003, pages 99-110, 2003.
4. [BFG07] Moritz Y. Becker, Cédric Fournet, and Andrew D. Gordon. Design and semantics of a decentralized authorization language. In Proc. IEEE Computer Security Foundations Symposium, pages 3-15. IEEE Computer Society, 2007.
5. [BNR08] A. Banerjee, D. Naumann, and S. Rosenberg. Expressive declassification policies and modular static enforcement. In Proc. IEEE Symp. on Security and Privacy, pages 339-353. IEEE Computer Society, 2008.
6. [BS06] N. Broberg and D. Sands. Flow locks: Towards a core calculus for dynamic flow policies. In Programming Languages and Systems. 15th European Symposium on Programming, ESOP 2006, volume 3924 of LNCS. Springer Verlag, 2006.
7. [BS09] Niklas Broberg and David Sands. Flow-sensitive semantics for dynamic information flow policies. In ACM SIGPLAN Fourth Workshop on Programming Languages and Analysis for Security (PLAS 2009), Dublin, June 15 2009. ACM.
8. [BWW08] Sruthi Bandhakavi, William Winsborough, and Marianne Winslett. A trust management approach for flexible policy management in security-typed languages. In Proc. IEEE Computer Security Foundations Symposium, pages 33-47, 2008.
9. [CGT89] S. Ceri, G. Gottlob, and L. Tanca. What you always wanted to know about Datalog(and never dared to ask). IEEE Transactions on Knowledge and Data Engineering, 1(1):146-166, 1989.
10. [CLS+01] Michael J. Covington, Wende Long, Srividhya Srinivasan, Anind K. Dev, Mustaque Ahamad, and Gregory D. Abowd. Securing context-aware applications using environment roles. In SACMAT '01: Proceedings of the sixth ACM symposium on Access control models and technologies, pages 10-20. ACM, 2001.
11. [CM77] A. K. Chandra and P. M. Merlin. Optimal implementation of conjunctive queries in relational databases. In STOC, pages 77-90, 1977.
12. [CV97] Surajit Chaudhuri and Moshe Y. Vardi. On the equivalence of recursive and nonrecursive datalog programs. Journal of Computer and System Sciences, 54(1):61-78, 1997.
13. [Den76] D. E. Denning. A lattice model of secure information flow. Comm. of the ACM, 19(5):236-243, May 1976.
14. [DeT02] John DeTreville. Binder, a logic-based security language. In IEEE Symposium on Security and Privacy, pages 105-113, 2002.
15. [DFK06] Daniel J. Dougherty, Kathi Fisler, and Shriram Krishnamurthi. Specifying and reasoning about dynamic access-control policies. In Automated Reasoning, Third International Joint Conference, IJCAR 2006, volume 4130 of Lecture Notes in Computer Science, pages 632-646. Springer, 2006.
16. +01] David F. Ferraiolo, Ravi Sandhu, Serban Gavrila, D. Richard Kuhn, and Ramaswamy Chandramouli. Proposed nist standard for role-based access control. ACM Trans. Inf. Syst. Secur., 4(3):224-274, 2001.
17. [GI97] Luigi Giuri and Pietro Iglio. Role templates for content-based access control. In RBAC '97: Proceedings of the second ACM workshop on Role-based access control, pages 153-159. ACM, 1997.
18. [GM04] R. Giacobazzi and I. Mastroeni. Abstract non-interference: Parameterizing non-interference by abstract interpretation. In Proc. ACM Symp. on Principles of Programming Languages, pages 186-197, January 2004.
19. [HTHZ05] M. Hicks, S. Tse, B. Hicks, and S. Zdancewic. Dynamic updating of information-flow policies. In Workshop on Foundations of Computer Security, pages 7-18, June 2005.
20. [Jim01] T. Jim. SD3: A trust management system with certified evaluation. In IEEE Symposium on Security and Privacy, pages 106-115, 2001.
21. [LABW91] Butler Lampson, Martín Abadi, Michael Burrows, and Edward Wobber. Authentication in distributed systems: theory and practice. In SOSP '91: Proceedings of the thirteenth ACM symposium on Operating systems principles, pages 165-182. ACM, 1991.
22. [LMW02] N. Li, J.C. Mitchell, and W.H.Winsborough. Design of a role-based trust-management framework. In IEEE Symposium on Security and Privacy, pages 114-130, 2002.
23. [ML97] A. C. Myers and B. Liskov. A decentralized model for information flow control. In Proc. ACM Symp. on Operating System Principles, pages 129-142, October 1997.
24. [ML98] A. C. Myers and B. Liskov. Complete, safe information flow with decentralized labels. In Proc. IEEE Symp. on Security and Privacy, pages 186-197, May 1998.
25. [Mye99] A. C. Myers. JFlow: Practical mostly-static information flow control. In Proc. ACM Symp. on Principles of Programming Languages, pages 228-241, January 1999.
26. +06] A. C. Myers, L. Zheng, S. Zdancewic, S. Chong, and N. Nystrom. Jif: Java information flow. Software release. Located at http://www.cs.cornell.edu/jif, July 2001-2006.
27. [SCFY96] R.S. Sandhu, E.J. Coyne, H.L. Feinstein, and C.E. Youman. Role-based access control models. Computer, 29(2):38-47, Feb 1996.
28. [SCH08] N. Swamy, B.J. Corcoran, and M. Hicks. Fable: A language for enforcing user-defined security policies. In Proc. IEEE Symp. on Security and Privacy, pages 369-383, 2008.
29. [SHTZ06] N. Swamy, M. Hicks, S. Tse, and S. Zdancewic. Managing policy updates in security-typed languages. In Proc. IEEE Computer Security Foundations Workshop, 2006.
30. [SS01] A. Sabelfeld and D. Sands. A per model of secure information flow in sequential programs. Higher Order and Symbolic Computation, 14(1):59-91, March 2001.
31. [SS05] A. Sabelfeld and D. Sands. Dimensions and principles of declassification. In Proc. IEEE Computer Security Foundations Workshop, pages 255-269, June 2005.
32. [SY80] Y. Sagiv and M. Yannakakis. Equivalences among relational expressions with the union and difference operators. Journal of the ACM, 27, 1980.
33. [TZ04] S. Tse and S. Zdancewic. Run-time principals in information-flow type systems. In Proc. IEEE Symp. on Security and Privacy, pages 179-193, 2004.
34. [Ull90] Jeffrey D. Ullman. Principles of Database and Knowledge-Base Systems: Volume II: The New Technologies. W. H. Freeman & Co., New York, NY, USA, 1990.
35. [ZM07] L. Zheng and A. C. Myers. Dynamic security labels and static information flow control. International Journal of Information Security, 6, 2007.