An extension of the λ-calculus is proposed, to study history- based access control. It allows for security policies with a possibly nested, local scope. We define a type and effect system that, given a program, extracts a history expression, i.e. a correct approximation to the set of histories obtainable at run-time. Validity of history expressions is non- regular, because the scope of policies can be nested. Nevertheless, a trans- formation of history expressions is presented, that makes verification possible through standard model checking techniques. A program will never fail at run-time if its history expression, extracted at compile-time, is valid.
History-based Acces Control with Local Policies
BARTOLETTI, MASSIMO;DEGANO, PIERPAOLO;FERRARI, GIAN-LUIGI
2005-01-01
Abstract
An extension of the λ-calculus is proposed, to study history- based access control. It allows for security policies with a possibly nested, local scope. We define a type and effect system that, given a program, extracts a history expression, i.e. a correct approximation to the set of histories obtainable at run-time. Validity of history expressions is non- regular, because the scope of policies can be nested. Nevertheless, a trans- formation of history expressions is presented, that makes verification possible through standard model checking techniques. A program will never fail at run-time if its history expression, extracted at compile-time, is valid.I documenti in IRIS sono protetti da copyright e tutti i diritti sono riservati, salvo diversa indicazione.