11,102 research outputs found
First-Order Logic for Flow-Limited Authorization
We present the Flow-Limited Authorization First-Order Logic (FLAFOL), a logic
for reasoning about authorization decisions in the presence of information-flow
policies. We formalize the FLAFOL proof system, characterize its
proof-theoretic properties, and develop its security guarantees. In particular,
FLAFOL is the first logic to provide a non-interference guarantee while
supporting all connectives of first-order logic. Furthermore, this guarantee is
the first to combine the notions of non-interference from both authorization
logic and information-flow systems. All theorems in this paper are proven in
Coq.Comment: Coq code can be found at https://github.com/FLAFOL/flafol-co
Recommended from our members
A management architecture for active networks
In this paper we present an architecture for network and applications management, which is based on the Active Networks paradigm and shows the advantages of network programmability. The stimulus to develop this architecture arises from an actual need to manage a cluster of active nodes, where it is often required to redeploy network assets and modify nodes connectivity. In our architecture, a remote front-end of the managing entity allows the operator to design new network topologies, to check the status of the nodes and to configure them. Moreover, the proposed framework allows to explore an active network, to monitor the active applications, to query each node and to install programmable traps. In order to take advantage of the Active Networks technology, we introduce active SNMP-like MIBs and agents, which are dynamic and programmable. The programmable management agents make tracing distributed applications a feasible task. We propose a general framework that can inter-operate with any active execution environment. In this framework, both the manager and the monitor front-ends communicate with an active node (the Active Network Access Point) through the XML language. A gateway service performs the translation of the queries from XML to an active packet language and injects the code in the network. We demonstrate the implementation of an active network gateway for PLAN (Packet Language for Active Networks) in a forty active nodes testbed. Finally, we discuss an application of the active management architecture to detect the causes of network failures by tracing network events in time
Refinement Types for Secure Implementations
We present the design and implementation of a typechecker for verifying security properties of the source code of cryptographic protocols and access control mechanisms. The underlying type theory is a λ-calculus equipped with refinement types for expressing pre- and post-conditions within first-order logic. We derive formal cryptographic primitives and represent active adversaries within the type theory. Well-typed programs enjoy assertion-based security properties, with respect to a realistic threat model including key compromise. The implementation amounts to an enhanced typechecker for the general purpose functional language F#; typechecking generates verification conditions that are passed to an SMT solver. We describe a series of checked examples. This is the first tool to verify authentication properties of cryptographic protocols by typechecking their source code. © 2008 IEEE
A Declarative Framework for Specifying and Enforcing Purpose-aware Policies
Purpose is crucial for privacy protection as it makes users confident that
their personal data are processed as intended. Available proposals for the
specification and enforcement of purpose-aware policies are unsatisfactory for
their ambiguous semantics of purposes and/or lack of support to the run-time
enforcement of policies.
In this paper, we propose a declarative framework based on a first-order
temporal logic that allows us to give a precise semantics to purpose-aware
policies and to reuse algorithms for the design of a run-time monitor enforcing
purpose-aware policies. We also show the complexity of the generation and use
of the monitor which, to the best of our knowledge, is the first such a result
in literature on purpose-aware policies.Comment: Extended version of the paper accepted at the 11th International
Workshop on Security and Trust Management (STM 2015
Logical Relations for Session-Typed Concurrency
Program equivalence is the fulcrum for reasoning about and proving properties
of programs. For noninterference, for example, program equivalence up to the
secrecy level of an observer is shown. A powerful enabler for such proofs are
logical relations. Logical relations only recently were adopted for session
types -- but exclusively for terminating languages. This paper scales logical
relations to general recursive session types. It develops a logical relation
for progress-sensitive noninterference (PSNI) for intuitionistic linear logic
session types (ILLST), tackling the challenges non-termination and concurrency
pose, and shows that logical equivalence is sound and complete with regard to
closure of weak bisimilarity under parallel composition, using a
biorthogonality argument. A distinguishing feature of the logical relation is
its stratification with an observation index (as opposed to a step or unfolding
index), a crucial shift to make the logical relation closed under parallel
composition in a concurrent setting. To demonstrate practicality of the logical
relation, the paper develops an information flow control (IFC) refinement type
system for ILLST, with support of secrecy-polymorphic processes, and shows that
well-typed programs are self-related by the logical relation and thus enjoy
PSNI. The refinement type system has been implemented in a type checker,
featuring local security theories to support secrecy-polymorphic processes.Comment: arXiv admin note: text overlap with arXiv:2208.1374
- …