Typed static analysis for concurrent, policy-based, resource access control

Author

  • Nicholas Nguyen
Abstract

We present a type and effect system for statically determining whether concurrent programs in a simple functional language adhere to a strict access control policy. Policy states are represented by automata states and are tracked, statically, by the type and effect system. We ensure that, per thread, all function calls are, independently, in accordance with policy with respect to the current state. To verify that several concurrent threads jointly satisfy a policy we are required to explore the state space of an interleaving of the several threads’ effects. However, we observe that by furnishing our language with monitor synchronisation primitives we can reduce our state space search by abstracting away behaviours inside atomic sections. The type and effect system is proved to satisfy Subject Reduction and a Safety theorem which guarantees that well-typed programs never violate policy.


Similar resources

Access and Mobility Policy Control at the Network Edge

The fifth generation (5G) system architecture is defined as service-based and the core network functions are described as sets of services accessible through application programming interfaces (API). One of the components of 5G is Multi-access Edge Computing (MEC) which provides the open access to radio network functions through API. Using the mobile edge API third party analytics applications ...


Verifying resource access control on mobile interactive devices

A model of resource access control is presented in which the access control to resources can employ user interaction to obtain the necessary permissions. This model is inspired by and improves on the Java security architecture used in Java-enabled mobile telephones. We extend the Java model to include access control permissions with multiplicities in order to allow to use a permission a certain...


Enforcing RBAC Policies over Data Stored on Untrusted Server (Extended Version)

One of the security issues in data outsourcing is the enforcement of the data owner’s access control policies. This includes some challenges. The first challenge is preserving confidentiality of data and policies. One of the existing solutions is encrypting data before outsourcing which brings new challenges; namely, the number of keys required to access authorized resources, efficient policy u...


Dynamic Access Control in a Concurrent Object Calculus

We develop a variant of Gordon and Hankin’s concurrent object calculus with support for flexible access control on methods. We investigate safe administration and access of shared resources in the resulting language. Specifically, we show a static type system that guarantees safe manipulation of objects with respect to dynamic specifications, where such specifications are enforced via access ch...


Efficient Policy Analysis for Evolving Administrative Role Based Access Control

Role Based Access Control (RBAC) has been widely used for restricting resource access to only authorized users. Administrative Role Based Access Control (ARBAC) specifies permissions for administrators to change RBAC policies. Due to complex interactions between changes made by different administrators, it is often difficult to comprehend the full effect of ARBAC policies by manual inspection a...



Publication date: 2006