Abstract
We present a formal system that models programmable abstractions for access control. Composite abstractions and patterns of arbitrary complexity are modeled as a configuration of communicating subjects. The subjects in the model can express behavior that corresponds to how information and authority are propagated in capability systems.
The formalism is designed to be useful for analyzing how information and authority are confined in arbitrary configurations, but it will also be useful in the reverse sense, to calculate the necessary restrictions in a subject’s behavior when a global confinement policy is given.
We introduce a subclass of these systems we call ”saturated”, that can provide safe and tractable approximations for the safety properties in arbitrary configurations of collaborating entities.
An erratum to this chapter can be found at http://dx.doi.org/10.1007/11580850_20 .
This is a preview of subscription content, log in via an institution to check access.
Access this chapter
Tax calculation will be finalised at checkout
Purchases are for personal use only
Preview
Unable to display preview. Download preview PDF.
References
Boebert, W.E.: On the inability of an unmodified capability machine to enforce the *-property. In: Proceedings of 7th DoD/NBS Computer Security Conference, September 1984, pp. 45–54 (1984), http://zesty.ca/capmyths/boebert.html
Bishop, M., Snyder, L.: The transfer of information and authority in a protection system. In: Proceedings of the seventh ACM symposium on Operating systems principles, pp. 45–54. ACM Press, New York (1979)
Dennis, J.B., Van Horn, E.C.: Programming semantics for multiprogrammed computations. Technical Report MIT/LCS/TR-23, M.I.T. Laboratory for Computer Science (1965)
Frank, J., Bishop, M.: Extending the take-grant protection system (December 1996), Available at: http://citeseer.ist.psu.edu/frank96extending.html
Hardy, N.: The confused deputy. ACM SIGOPS Oper. Syst. Rev 22(4), 36–38 (1989), http://www.cap-lore.com/CapTheory/ConfusedDeputy.html
Holzmann, G.J.: The model checker spin. IEEE Trans. Softw. Eng. 23(5), 279–295 (1997)
Harrison, M.A., Ruzzo, W.L., Ullman, J.D.: Protection in operating systems. Commun. ACM 19(8), 461–471 (1976)
Salzer, J.H., Schroeder, M.D.: The protection of information in computer systems. In: Fourth ACM Symposium on Operating System Principles (March 1973)
Jürjens, J.: Secure Systems Development with UML. Springer, Berlin (2005)
Guttman, J.D., Herzog, J.C., Ramsdell, J.D., Sniffen, B.T.: Programming cryptographic protocols. Technical report, The MITRE Corporation. Availalbe, at http://www.ccs.neu.edu/home/guttman/
Kain, R.Y., Landwehr, C.E.: On access checking in capability-based systems. IEEE Trans. Softw. Eng. 13(2), 202–207 (1987)
Lipton, R.J., Snyder, L.: A linear time algorithm for deciding subject security. J. ACM 24(3), 455–464 (1977)
Miller, M.S., Shapiro, J.: Paradigm regained: Abstraction mechanisms for access control. In: Saraswat, V.A. (ed.) ASIAN 2003. LNCS, vol. 2896, pp. 224–242. Springer, Heidelberg (2003)
Miller, M., Stiegler, M., Close, T., Frantz, B., Yee, K.-P., Morningstar, C., Shapiro, J., Hardy, N., Tribble, E.D., Barnes, D., Bornstien, D., Wilcox-O’Hearn, B., Stanley, T., Reid, K., Bacon, D.: E: Open source distributed capabilities (2001), Available at http://www.erights.org
Miller, M.S., Tulloh, B., Shapiro, J.S.: The structure of authority: Why security is not a separable concern. In: Van Roy, P. (ed.) MOZ 2004. LNCS, vol. 3389, pp. 2–20. Springer, Heidelberg (2005)
Nielsen, M., Palamidessi, C., Valencia, F.D.: Temporal concurrent constraint programming: denotation, logic and applications. Nordic J. of Computing 9(2), 145–188 (2002)
Quesada, L., Van Roy, P., Deville, Y.: The reachability propagator. Research Report INFO-2005-07, Université catholique de Louvain, Louvain-la-Neuve, Belgium (2005)
Reich, S.: Escape from mutlithreaded hell. concurrency in the language “e” (March 2003), Presentation available at: http://www.drjava.de/e-presentation/html-english/img0.html
Saraswat, V.A.: Concurrent Constraint Programming. MIT Press, Cambridge (1993)
Saraswat, V.A., Jagadeesan, R., Gupta, V.: Default timed concurrent constraint programming. In: POPL 1995: Proceedings of the 22nd ACM SIGPLAN-SIGACT symposium on Principles of programming languages, pp. 272–285. ACM Press, New York (1995)
Spiessens, F., Miller, M., Van Roy, P., Shapiro, J.: Authority Reduction in Protection Systems. Available at (2004), http://www.info.ucl.ac.be/people/fsp/ARS.pdf
Spiessens, F., Van Roy, P.: The oz-E project: Design guidelines for a secure multiparadigm programming language. In: Van Roy, P. (ed.) MOZ 2004. LNCS, vol. 3389, pp. 21–40. Springer, Heidelberg (2005)
Spiessens, F., Van Roy, P.: A practical formal model for safety analysis in Capability-Based systems. LNCS. Springer, Heidelberg (2005) Available at http://www.info.ucl.ac.be/people/fsp/tgc/tgc05fs.pdf , Presentation available at http://www.info.ucl.ac.be/people/fsp/auredsysfinal.mov
Van Roy, P., Haridi, S.: Concepts, Techniques, and Models of Computer Programming. MIT Press, Cambridge (2004)
Author information
Authors and Affiliations
Editor information
Editors and Affiliations
Rights and permissions
Copyright information
© 2005 Springer-Verlag Berlin Heidelberg
About this paper
Cite this paper
Spiessens, F., Van Roy, P. (2005). A Practical Formal Model for Safety Analysis in Capability-Based Systems. In: De Nicola, R., Sangiorgi, D. (eds) Trustworthy Global Computing. TGC 2005. Lecture Notes in Computer Science, vol 3705. Springer, Berlin, Heidelberg. https://doi.org/10.1007/11580850_14
Download citation
DOI: https://doi.org/10.1007/11580850_14
Publisher Name: Springer, Berlin, Heidelberg
Print ISBN: 978-3-540-30007-6
Online ISBN: 978-3-540-31483-7
eBook Packages: Computer ScienceComputer Science (R0)