Security-typed languages (STLs) are powerful tools for provably implementing policy in applications. The programmer maps policy onto programs by annotating types with information ...
Modelling security policies requires means to specify permissions and prohibitions. However, this is generally not sufficient to express security properties such as availability ...
The Role-Based Access Control (RBAC) model is traditionally used to manually assign users to appropriate roles, based on a specific enterprise policy, thereby authorizing them to ...
We consider the problem of statically verifying the conformance of the code of a system to an explicit authorization policy. In a distributed setting, some part of the system may ...
—This paper proposes a systematic study of information flow in credential-based declarative authorization policies. It argues that a treatment in terms of information flow is n...