A static approach is proposed to study secure composition of software. We extend the λ calculus with primitives for invoking services that respect given security requirements. Security critical code is enclosed in policy fram-ings with a possibly nested, local scope. Policy framings enforce safety and liveness properties of execution histo-ries. The actual histories that can occur at runtime are over-approximated by a type and effect system. These ap- proximations are model-checked to verify policy framings within their scopes. This allows for removing any run- time execution monitor, and for selecting those services that match the security requirements.
Enforcing Secure Service Composition
BARTOLETTI, MASSIMO;DEGANO, PIERPAOLO;FERRARI, GIAN-LUIGI
2005-01-01
Abstract
A static approach is proposed to study secure composition of software. We extend the λ calculus with primitives for invoking services that respect given security requirements. Security critical code is enclosed in policy fram-ings with a possibly nested, local scope. Policy framings enforce safety and liveness properties of execution histo-ries. The actual histories that can occur at runtime are over-approximated by a type and effect system. These ap- proximations are model-checked to verify policy framings within their scopes. This allows for removing any run- time execution monitor, and for selecting those services that match the security requirements.I documenti in IRIS sono protetti da copyright e tutti i diritti sono riservati, salvo diversa indicazione.
