Results 1-10 of 16
Security-Typed Programming within Dependently-Typed Programming
Cited by 14 (2 self)
Abstract. Several recent security-typed programming languages allow programmers to express and enforce authorization policies governing access to controlled resources. Policies are expressed as propositions in an authorization logic, and enforced by a type system that requires each access to a sensitive resource to be accompanied by a proof. The security-typed languages described in the literature, such as Aura and PCML5, have been presented as new, standalone language designs. In this paper, we instead show how to embed a security-typed programming language within an existing dependently typed programming language, Agda. This language-design strategy allows us to inherit both the metatheoretic results, such as type safety, and the implementation of the host language. Our embedding consists of the following ingredients: First, we represent the syntax and proofs of an authorization logic, Garg and Pfenning's BL0, using dependent types. Second, we implement a proof search procedure, based on a focused sequent calculus, to ease the burden of constructing proofs. Third, we define an indexed monad of computations on behalf of a principal, with proof-carrying primitive operations. Our work shows that a dependently typed language can be used to prototype a security-typed language, and contributes to the growing body of literature on using dependently typed languages to construct domain-specific type systems.
PCAL: Language support for proof-carrying authorization systems
In European Symposium on Research in Computer Security
Cited by 8 (4 self)
Abstract. By shifting the burden of proofs to the user, a proof-carrying authorization (PCA) system can automatically enforce complex access control policies. Unfortunately, managing those proofs can be a daunting task for the user. In this paper we develop a Bash-like language, PCAL, that can automate correct and efficient use of a PCA interface. Given a PCAL script, the PCAL compiler tries to statically construct the proofs required for executing the commands in the script, while reusing proofs to the extent possible and rewriting the script to construct the remaining proofs dynamically. We obtain a formal guarantee that if the policy does not change between compile time and run time, then the compiled script cannot fail due to access checks at run time.
Proof-carrying code in a session-typed process calculus
In: Proc. of CPP '11. LNCS, 2011
Cited by 6 (5 self)
Abstract. Dependent session types allow us to describe not only properties of the I/O behavior of processes but also of the exchanged data. In this paper we show how to exploit dependent session types to express proof-carrying communication. We further introduce two modal operators into the type theory to provide detailed control about how much information is communicated: one based on traditional proof irrelevance and one integrating digital signatures.
Labeled Sequent Calculi for Access Control Logics: Countermodels, Saturation and Abduction
2012
Cited by 2 (1 self)
We show that Kripke semantics of modal logic, manifest in the syntactic proof formalism of labeled sequent calculi, can be used to solve three central problems in access control: generating evidence for denial of access (countermodel generation), finding all consequences of a policy (saturation) and determining which additional credentials will allow an access (abduction). At the core of our work is a single, non-trivial, countermodel-producing decision procedure for a specific access control logic. The procedure is based on backwards search in a labeled sequent calculus for the logic. Modifications of the calculus yield a procedure for abduction and, surprisingly, for saturation.
A Logical Representation of Common Rules for Controlling Access to Classified Information
2009
Cited by 2 (2 self)
Official policies for controlling access to classified information in the U.S. are quite complex and often difficult to enforce. We present an encoding of a common core of these policies in an authorization logic, and describe their rigorous enforcement in PCFS, a file system implemented for such purposes.
Foundations and Applications of Higher-Dimensional Directed Type Theory
Intuitionistic type theory [43] is an expressive formalism that unifies mathematics and computation. A central concept is the propositions-as-types principle, according to which propositions are interpreted as types, and proofs of a proposition are interpreted as programs of the associated type. Mathematical propositions are thereby to be understood as specifications, or problem descriptions, that are solved by providing a program that meets the specification. Conversely, a program can, by the same token, be understood as a proof of its type viewed as a proposition. Over the last quarter-century type theory has emerged as the central organizing principle of programming language research, through the identification of the informal concept of language features with type structure. Numerous benefits accrue from the identification of proofs and programs in type theory. First, it provides the foundation for integrating types and verification, the two most successful formal methods used to ensure the correctness of software. Second, it provides a language for the mechanization of mathematics in which proof checking is equivalent to type checking, and proof search is equivalent to writing a program to meet a specification.
A Proof-Carrying File System with Revocable and Use-Once Certificates
Abstract. We present the design and implementation of a file system which allows authorizations dependent on revocable and use-once policy certificates. Authorizations require explicit proof objects, combining ideas from previous authorization logics and Girard's linear logic. Use-once certificates and revocation lists are maintained in a database that is consulted during file access. Experimental results demonstrate that the overhead of using the database is not significant in practice.
Stateful Authorization Logic – Proof Theory and a Case Study
Abstract. Authorization policies can be conveniently represented and reasoned about in logic. Proof theory is important for many such applications of logic. However, so far, there has been no systematic study of proof theory that incorporates system state, upon which access policies often rely. The present paper fills this gap by presenting the design and proof theory of an authorization logic BL that, among other features, includes direct support for external procedures to verify predicates on system state. We discuss design choices in the interaction between state and other features of the logic and validate the logic both foundationally, by proving relevant metatheoretic properties of the logic’s proof system, and empirically, through a case study of policies that control access to sensitive intelligence information in the U.S.
Linear Logical Voting Protocols
Abstract. Current approaches to electronic implementations of voting protocols involve translating legal text to source code of an imperative programming language. Because the gap between legal text and source code is very large, it is difficult to trust that the program meets its legal specification. In response, we promote linear logic as a high-level language for both specifying and implementing voting protocols. Our linear logical specification of the single transferable vote protocol demonstrates that this approach leads to concise implementations that closely correspond to their legal specification, thereby increasing trust.