A Certified Distributed Security Logic for Authorizing Code
Author
Abstract
In previous work we have proposed a distributed security logic for authorizing code. To gain assurance about the correctness of the implementation of our system, we now present a series of security logics of increasing expressive power leading up to our logic. We encode each logic in Coq, develop an algorithm for deciding queries, and prove properties about the algorithm in Coq. By using Coq’s automatic extraction mechanism, we are able to gain a high assurance about the resulting reference monitor implementations. Following this strategy yields reference monitors fully certified at the source code level for Datalog, Binder, Binder with a general extension mechanism, and a logic that combines Binder and the calculus of co-inductive constructions.
Similar sources
Distributed Contingency Logic and Security
In information security, ignorance is not bliss. It is always stated that hiding the protocols (let the other be ignorant about it) does not increase the security of organizations. However, there are cases that ignorance creates protocols. In this paper, we propose distributed contingency logic, a proper extension of contingency (ignorance) logic. Intuitively, a formula is distributed contingen...
Secure Self-Certified COTS
With the advent and the rising popularity of networks, Internet, intranets and distributed systems, security is becoming one of the major concerns in IT research. An increasing number of approaches have been proposed to ensure the safety and security of programs. Among those approaches, certified code seems to be the most promising. Unfortunately, as of today, most of the research on certified ...
Soutei, a Logic-Based Trust-Management System: System Description
We describe the design and implementation of a trust-management system Soutei, a dialect of Binder, for access control in distributed systems. Soutei policies and credentials are written in a declarative logic-based security language and thus constitute distributed logic programs. Soutei policies are modular, concise, and readable. They support policy verification, and, despite the simplicity o...
A Framework for Certified Low-Level and Operating Systems Code
Certified code technology and type systems research has reached a point where it is now possible to certify advanced safety and security properties of low-level systems code. It has become common practice to use type systems for reasoning about and verifying properties of programs. The growth of distributed computing, web-based services, and mobile-code infrastructures means that the need for su...
Advanced Development of Certified OS Kernels
Innovative Claims. Operating System (OS) kernels form the bedrock of all system software: they can have the greatest impact on the resilience, extensibility, and security of today's computing hosts. A single kernel bug can easily wreck the entire system's integrity and protection. We propose to apply new advances in certified software [86] to the development of a novel OS kernel. Our certified ...