145,976 research outputs found

    Security Analysis of Role-based Access Control through Program Verification

    We propose a novel scheme for proving administrative role-based access control (ARBAC) policies correct with respect to security properties using the powerful abstraction-based tools available for program verification. Our scheme uses a combination of abstraction and reduction to program verification to perform security analysis. We convert ARBAC policies to imperative programs that simulate the policy abstractly, and then utilize further abstract-interpretation techniques from program analysis to analyze the programs in order to prove the policies secure. We argue that the aggressive set-abstractions and numerical-abstractions we use are natural and appropriate in the access control setting. We implement our scheme using a tool called VAC that translates ARBAC policies to imperative programs followed by an interval-based static analysis of the program, and show that we can effectively prove access control policies correct. The salient features of our approach are the abstraction schemes we develop and the reduction of role-based access control security (which has nothing to do with programs) to program verification problems.

    Static Enforcement of Role-Based Access Control

    We propose a new static approach to Role-Based Access Control (RBAC) policy enforcement. The static approach we advocate includes a new design methodology, for applications involving RBAC, which integrates the security requirements into the system's architecture. We apply this new approach to policies restricting calls to methods in Java applications. We present a language to express RBAC policies on calls to methods in Java, a set of design patterns which Java programs must adhere to for the policy to be enforced statically, and a description of the checks made by our static verifier for static enforcement. Comment: In Proceedings WWV 2014, arXiv:1409.229

    Formal Verification of Security Protocol Implementations: A Survey

    Automated formal verification of security protocols has been mostly focused on analyzing high-level abstract models which, however, are significantly different from real protocol implementations written in programming languages. Recently, some researchers have started investigating techniques that bring automated formal proofs closer to real implementations. This paper surveys these attempts, focusing on approaches that target the application code that implements protocol logic, rather than the libraries that implement cryptography. According to these approaches, libraries are assumed to correctly implement some models. The aim is to derive formal proofs that, under this assumption, give assurance about the application code that implements the protocol logic. The two main approaches of model extraction and code generation are presented, along with the main techniques adopted for each approach.

    Proceedings of International Workshop "Global Computing: Programming Environments, Languages, Security and Analysis of Systems"

    According to the IST/FET proactive initiative on GLOBAL COMPUTING, the goal is to obtain techniques (models, frameworks, methods, algorithms) for constructing systems that are flexible, dependable, secure, robust and efficient. The dominant concerns are not those of representing and manipulating data efficiently but rather those of handling the co-ordination and interaction, security, reliability, robustness, failure modes, and control of risk of the entities in the system and the overall design, description and performance of the system itself. Completely different paradigms of computer science may have to be developed to tackle these issues effectively. The research should concentrate on systems having the following characteristics:
    • The systems are composed of autonomous computational entities where activity is not centrally controlled, either because global control is impossible or impractical, or because the entities are created or controlled by different owners.
    • The computational entities are mobile, due to the movement of the physical platforms or by movement of the entity from one platform to another.
    • The configuration varies over time. For instance, the system is open to the introduction of new computational entities and likewise their deletion. The behaviour of the entities may vary over time.
    • The systems operate with incomplete information about the environment. For instance, information becomes rapidly out of date and mobility requires information about the environment to be discovered.
    The ultimate goal of the research action is to provide a solid scientific foundation for the design of such systems, and to lay the groundwork for achieving effective principles for building and analysing such systems. This workshop covers the aspects related to languages and programming environments as well as analysis of systems and resources involving 9 projects (AGILE, DART, DEGAS, MIKADO, MRG, MYTHS, PEPITO, PROFUNDIS, SECURE) out of the 13 founded under the initiative. After a year from the start of the projects, the goal of the workshop is to fix the state of the art on the topics covered by the two clusters related to programming environments and analysis of systems as well as to devise strategies and new ideas to profitably continue the research effort towards the overall objective of the initiative. We acknowledge the Dipartimento di Informatica and Tlc of the University of Trento, the Comune di Rovereto, the project DEGAS for partially funding the event and the Events and Meetings Office of the University of Trento for the valuable collaboration.

    Immigration Legislation and Issues in the 114th Congress

    The House and the Senate have considered immigration measures on a variety of issues in the 114th Congress. The Consolidated Appropriations Act, 2016 (P.L. 114-113) extends four immigration programs through September 30, 2016: the EB-5 immigrant investor Regional Center Pilot Program, the E-Verify employment eligibility verification system, the Conrad State program for foreign medical graduates, and the special immigrant religious worker program. P.L. 114-113 also contains provisions on the Visa Waiver Program and certain nonimmigrant visa categories. Other enacted immigration-related measures include the Border Jobs for Veterans Act of 2015 (P.L. 114-68) on border security personnel, the Adoptive Family Relief Act (P.L. 114-70) on intercountry adoption, and the National Defense Authorization Act for Fiscal Year 2016 (P.L. 114-92) on the Afghan special immigrant visa program. The House has passed several other immigration-related bills. Among them are the Northern Border Security Review Act (H.R. 455), the Preclearance Authorization Act of 2015 (H.R. 998), the Border Security Technology Accountability Act of 2015 (H.R. 1634), the Enforce the Law for Sanctuary Cities Act (H.R. 3009), and the American SAFE Act of 2015 (H.R. 4038). H.R. 998 has also been reported by the Senate Homeland Security and Governmental Affairs Committee with an amendment in the nature of a substitute. In addition, various bills on border security, interior enforcement, visa security, and asylum, among other issues, have been considered by a House or Senate committee. Border security-related measures have been reported or ordered to be reported by the House Homeland Security Committee (H.R. 399, H.R. 3583, H.R. 3586), or the Senate Homeland Security and Governmental Affairs Committee (S. 750, S. 1808, S. 1864, S. 1873). Interior enforcement provisions are included in bills ordered to be reported by the House Judiciary Committee (H.R. 1147, H.R. 1148, H.R. 1153) or reported by the House Appropriations Committee (H.R. 3128). S. 1635, as reported by the Senate Foreign Relations Committee, also contains interior enforcement-related provisions. Several of these interior enforcement bills also contain key provisions on other immigration issues. Among the other issues addressed in these bills are employment eligibility verification (H.R. 1147); visa security and naturalization (H.R. 1148); and expedited removal, asylum, parole, and unaccompanied alien children (H.R. 1153). H.R. 1149, as ordered to be reported by the House Judiciary Committee, also addresses unaccompanied alien children. This report discusses these and other immigration-related issues that have received legislative action or are of significant congressional interest in the 114th Congress. Department of Homeland Security appropriations are addressed in CRS Report R44053, Department of Homeland Security Appropriations: FY2016, and, for the most part, are not covered here.

    An Inference about Interference: A Surprising Application of Existing International Law to Inhibit Anti-Satellite Weapons

    This article presents a thesis that most readers will find surprising, in an effort to develop a novel, simultaneous solution to three urgent, complex problems related to outer space. The three problems are: a) the technical fact that debris in outer space (the accumulated orbital junk produced by decades of space activities) has grown to present a serious hazard to safe and effective exploration and exploitation of space; b) the strategic fact that many countries (notably the United States, China and Russia, but others, too) continue to demonstrate a misguided interest in pursuing anti-satellite weapons, which can jeopardize the security of space; and c) the political fact that attempts to provide additional legal regulation of outer space (via new bilateral or multilateral international agreements) have failed, with little prospect for prompt conclusion of meaningful new accords. The proposed solution is to adapt existing international law in an unforeseen way. Specifically, numerous current and historical arms control treaties provide for verification of parties’ compliance via “national technical means” (NTM) of verification, which prominently include satellite-based sensory and communications systems. These treaties routinely provide protection for those essential space assets by requiring parties to undertake “not to interfere” with NTM. The argument developed here is that additional tests in space of debris-creating anti-satellite weapons would already be illegal, even without the conclusion of any dedicated new treaty against further weaponization of space, because in the current crowded conditions of space, a new cloud of orbital debris would, sooner or later, impermissibly interfere with NTM satellites. If sustained, this thesis can provide a new rationale for opposition to the development, testing, and use of anti-satellite weapons. 
    It a legal reinforcement for the political instincts to avoid activities that further undercut the optimal usability of outer space, and it demonstrates how creative re-interpretation of existing legal provisions can promote the advancement of the rule of international law, even in circumstances where the articulation of new treaties is blocked.