Free Online Productivity Tools
i2Speak
i2Symbol
i2OCR
iTex2Img
iWeb2Print
iWeb2Shot
i2Type
iPdf2Split
iPdf2Merge
i2Bopomofo
i2Arabic
i2Style
i2Image
i2PDF
iLatex2Rtf
Sci2ools
CSFW
2007
IEEE
2007
IEEE
A Type Discipline for Authorization in Distributed Systems
We consider the problem of statically verifying the conformance of the code of a system to an explicit authorization policy. In a distributed setting, some part of the system may be compromised, that is, some nodes of the system and their security credentials may be under the control of an attacker. To help predict and bound the impact of such partial compromise, we advocate logic-based policies that explicitly record dependencies between principals. We propose a conformance criterion, safety despite compromised principals, such that an invalid authorization decision at an uncompromised node can arise only when nodes on which the decision logically depends are compromised. We formalize this criterion in the setting of a process calculus, and present a verification technique based on a type system. Hence, we can verify policy conformance of code that uses a wide range of the security mechanisms found in distributed systems, ranging from secure channels down to cryptographic primitives,...
Real-time TrafficConformance Criterion | CSFW 2007 | Explicit Authorization Policy | Invalid Authorization Decision | Security Privacy |
Related Content
| Added | 14 Aug 2010 |
| Updated | 14 Aug 2010 |
| Type | Conference |
| Year | 2007 |
| Where | CSFW |
| Authors | Cédric Fournet, Andy Gordon, Sergio Maffeis |
Comments (0)
Researcher Info
|
