Skip to main content
SpringerLink
Log in

Type-Based Distributed Access Control vs. Untyped Attackers

  • Conference paper
Formal Aspects in Security and Trust (FAST 2005)

Part of the book series: Lecture Notes in Computer Science ((LNSC,volume 3866))

Included in the following conference series:

Abstract

This paper considers what happens when a system erroneously places trust in an attacker. More precisely we consider untyped attackers inside a distributed system in which security is enforced by the type system. Our Key-Based Decentralised Label Model for distributed access control combines a weak form of information flow control with cryptographic type casts. We extend our model to allow inside attackers by using three sets of type rules. The first set is for honest principals. The second set is for attackers; these rules require that only communication channels can be used to communicate and express our correctness conditions. The third set of type rules are used to type processes that have become corrupted by the attackers. We show that the untyped attackers can leak their own data and disrupt the communication of any principals that place direct trust in an attacker, but no matter what the attackers try, they cannot obtain data that does not include at least one attacker in its access control policy.

This is a preview of subscription content, log in via an institution to check access.

Access this chapter

Log in via an institution
Chapter
USD 29.95
Price excludes VAT (USA)
  • Available as PDF
  • Read on any device
  • Instant download
  • Own it forever
eBook
USD 39.99
Price excludes VAT (USA)
  • Available as PDF
  • Read on any device
  • Instant download
  • Own it forever
Softcover Book
USD 54.99
Price excludes VAT (USA)
  • Compact, lightweight edition
  • Dispatched in 3 to 5 business days
  • Free shipping worldwide - see info

Tax calculation will be finalised at checkout

Purchases are for personal use only

Institutional subscriptions

Preview

Unable to display preview. Download preview PDF.

Unable to display preview. Download preview PDF.

References

  • [Aba97]Abadi, M.: Secrecy by typing in security protocols. In: Theoretical Aspects of Computer Science, pp. 611–638 (1997)

    Google Scholar 

  • [AFG99] Abadi, M., Fournet, C., Gonthier, G.: Secure communications processing for distributed languages. In: IEEE Symposium on Security and Privacy (1999)

    Google Scholar 

  • [AFG00] Abadi, M., Fournet, C., Gonthier, G.: Authentication primitives and their compilation. In: Proceedings of ACM Symposium on Principles of Programming Languages (2000)

    Google Scholar 

  • [AG99] Abadi, M., Gordon, A.: A calculus for cryptographic protocols: The spi calculus. Information and Computation 148(1), 1–70 (1999)

    Article  MathSciNet  MATH  Google Scholar 

  • [CDV03] Chothia, T., Duggan, D., Vitek, J.: Type-based distributed access control. In: Computer Security Foundations Workshop, Asilomar, California. IEEE, Los Alamitos (June 2003)

    Google Scholar 

  • [CDV04] Chothia, T., Duggan, D., Vitek, J.: Principals, policies and keys in a secure distributed programming language. In: Foundations of Computer Security (2004)

    Google Scholar 

  • [CGG00] Cardelli, L., Ghelli, G., Gordon, A.D.: Secrecy and group creation. In: Palamidessi, C. (ed.) CONCUR 2000. LNCS, vol. 1877, p. 365. Springer, Heidelberg (2000)

    Chapter  Google Scholar 

  • [CV99]Castagna, G., Vitek, J.: A calculus of secure mobile computations. In: Vitek, J. (ed.) Secure Internet Programming. LNCS, vol. 1603, pp. 44–77. Springer, Heidelberg (1999)

    Google Scholar 

  • [DD77] Denning, D.E., Denning, P.J.: Certification of programs for secure information flow. Communications of the ACM (1977)

    Google Scholar 

  • [Dug03] Duggan, D.: Type-based cryptographic operations. Journal of Computer Security (2003)

    Google Scholar 

  • [HR99] Hennessy, M., Riely, J.: Type-safe execution of mobile agents in anonymous networks. In: Vitek, J. (ed.) Secure Internet Programming. LNCS, vol. 1603, Springer, Heidelberg (1999)

    Chapter  Google Scholar 

  • [ML97] Myers, A.C., Liskov, B.: A decentralized model for information flow control. In: Symposium on Operating Systems Principles (1997)

    Google Scholar 

  • [Mye99] Myers., A.C.: Jflow: Practical mostly-static information flow control. In: Proceedings of ACM Symposium on Principles of Programming Languages, pp. 228–241 (1999)

    Google Scholar 

  • [PC00] Pottier, F., Conchon, S.: Information flow inference for free. In: Proceedings of ACM International Conference on Functional Programming (2000)

    Google Scholar 

  • [RH99] Riely, J., Hennessy, M.: Trust and partial typing in open systems of mobile agents. In: Proceedings of ACM Symposium on Principles of Programming Languages (1999)

    Google Scholar 

  • [SM02] Sabelfeld, A., Myers, A.: Language-based information-flow security. IEEE Journal on Selected Areas in Communications (2002)

    Google Scholar 

  • [VS97] Volpano, D., Smith, G.: A type-based approach to program security. In: Proceedings of the International Joint Conference on Theory and Practice of Software Development. Springer, Heidelberg (1997)

    Google Scholar 

  • [ZCZM03]Zheng, L., Chong, S., Zdancewic, S., Myers, A.C.: Building secure distributed systems using replication and partitioning. In: IEEE Symposium on Security and Privacy. IEEE Computer Society Press, Los Alamitos (2003)

    Google Scholar 

  • [ZZNM02] Zdancewic, S., Zheng, L., Nystrom, N., Myers, A.C.: Secure program partitioning. Transactions on Computer Systems 20(3), 283–328 (2002)

    Article  Google Scholar 

Download references

Author information

Authors and Affiliations

  1. Laboratoire d’Informatique (LIX), École Polytechnique (CNRS), 91128 Cedex, Palaiseau, France

    Tom Chothia

  2. Department of Computer Science, Stevens Institute of Technology, Hoboken, NJ, 07030, USA

    Dominic Duggan

Authors
  1. Tom Chothia
    View author publications

    You can also search for this author in PubMed Google Scholar

  2. Dominic Duggan
    View author publications

    You can also search for this author in PubMed Google Scholar

Editor information

Editors and Affiliations

  1. BT Group Chief Technology Office, IP5 3RE, Ipswich, UK

    Theo Dimitrakos

  2. IIT CNR, Pisa, via Moruzzi, 1, 56125, Pisa, Italy

    Fabio Martinelli

  3. University of Newcastle, UK

    Peter Y. A. Ryan

  4. Department of Computing, University of Surrey, UK

    Steve Schneider

Rights and permissions

Reprints and permissions

Copyright information

© 2006 Springer-Verlag Berlin Heidelberg

About this paper

Cite this paper

Chothia, T., Duggan, D. (2006). Type-Based Distributed Access Control vs. Untyped Attackers. In: Dimitrakos, T., Martinelli, F., Ryan, P.Y.A., Schneider, S. (eds) Formal Aspects in Security and Trust. FAST 2005. Lecture Notes in Computer Science, vol 3866. Springer, Berlin, Heidelberg. https://doi.org/10.1007/11679219_15

Download citation

  • DOI: https://doi.org/10.1007/11679219_15

  • Publisher Name: Springer, Berlin, Heidelberg

  • Print ISBN: 978-3-540-32628-1

  • Online ISBN: 978-3-540-32629-8

  • eBook Packages: Computer ScienceComputer Science (R0)

Publish with us

Policies and ethics

Search

Navigation