A static approach is proposed to study secure composition of software. We extend the λ calculus with primitives for invoking services that respect given security requirements. Security critical code is enclosed in policy fram-ings with a possibly nested, local scope. Policy framings enforce safety and liveness properties of execution histo-ries. The actual histories that can occur at runtime are over-approximated by a type and effect system. These ap- proximations are model-checked to verify policy framings within their scopes. This allows for removing any run- time execution monitor, and for selecting those services that match the security requirements.

Enforcing Secure Service Composition

BARTOLETTI, MASSIMO;DEGANO, PIERPAOLO;FERRARI, GIAN-LUIGI
2005-01-01

Abstract

A static approach is proposed to study secure composition of software. We extend the λ calculus with primitives for invoking services that respect given security requirements. Security critical code is enclosed in policy fram-ings with a possibly nested, local scope. Policy framings enforce safety and liveness properties of execution histo-ries. The actual histories that can occur at runtime are over-approximated by a type and effect system. These ap- proximations are model-checked to verify policy framings within their scopes. This allows for removing any run- time execution monitor, and for selecting those services that match the security requirements.
2005
0769523404
File in questo prodotto:
Non ci sono file associati a questo prodotto.

I documenti in IRIS sono protetti da copyright e tutti i diritti sono riservati, salvo diversa indicazione.

Utilizza questo identificativo per citare o creare un link a questo documento: https://hdl.handle.net/11568/193293
 Attenzione

Attenzione! I dati visualizzati non sono stati sottoposti a validazione da parte dell'ateneo

Citazioni
  • ???jsp.display-item.citation.pmc??? ND
  • Scopus 37
  • ???jsp.display-item.citation.isi??? 15
social impact