Sciweavers

CSFW
2007
IEEE

A Type Discipline for Authorization in Distributed Systems

14 years 3 months ago
A Type Discipline for Authorization in Distributed Systems
We consider the problem of statically verifying the conformance of the code of a system to an explicit authorization policy. In a distributed setting, some part of the system may be compromised, that is, some nodes of the system and their security credentials may be under the control of an attacker. To help predict and bound the impact of such partial compromise, we advocate logic-based policies that explicitly record dependencies between principals. We propose a conformance criterion, safety despite compromised principals, such that an invalid authorization decision at an uncompromised node can arise only when nodes on which the decision logically depends are compromised. We formalize this criterion in the setting of a process calculus, and present a verification technique based on a type system. Hence, we can verify policy conformance of code that uses a wide range of the security mechanisms found in distributed systems, ranging from secure channels down to cryptographic primitives,...
Cédric Fournet, Andy Gordon, Sergio Maffeis
Added 14 Aug 2010
Updated 14 Aug 2010
Type Conference
Year 2007
Where CSFW
Authors Cédric Fournet, Andy Gordon, Sergio Maffeis
Comments (0)