Abstract
This paper presents AURA, a programming language for access control that treats ordinary programming constructs (e.g., integers and recursive functions) and authorization logic constructs (e.g., principals and access control policies) in a uniform way. AURA is based on polymorphic DCC and uses dependent types to permit assertions that refer directly to AURA values while keeping computation out of the assertion level to ensure tractability. The main technical results of this paper include fully mechanically verified proofs of the decidability and soundness for AURA's type system, and a prototype typechecker and interpreter.
Supplemental Material
Available for Download
Slides from the presentation
Supplemental material for: AURA: a programming language for authorization and audit
- Martín Abadi. Logic in access control. In Proceedings of the 18th Annual Symposium on Logic in Computer Science (LICS'03), pages 228--233, June 2003. Google ScholarDigital Library
- Martín Abadi. Access control in a core calculus of dependency. In Proceedings of the 11th ACM SIGPLAN International Conference on Functional Programming, ICFP 2006, Portland, Oregon, USA, September 16-21, 2006, pages 263--273. ACM, 2006. Google ScholarDigital Library
- Martín Abadi. Access control in a core calculus of dependency. Computation, Meaning, and Logic: Articles dedicated to Gordon Plotkin ENTCS, 172:5--31, April 2007. Google ScholarDigital Library
- Martín Abadi, Anindya Banerjee, Nevin Heintze, and Jon Riecke. A core calculus of dependency. In Proc. 26th ACM Symp. on Principles of Programming Languages (POPL), pages 147--160, San Antonio, TX, January 1999. Google ScholarDigital Library
- Martín Abadi, Michael Burrows, Butler W. Lampson, and Gordon D. Plotkin. A calculus for access control in distributed systems. Transactions on Programming Languages and Systems, 15(4):706--734, September 1993. Google ScholarDigital Library
- Andrew W. Appel and Edward W. Felten. Proof-carrying authentication. In CCS '99: Proceedings of the 6th ACM conference on Computer and communications security, pages 52--62, New York, NY, USA, 1999. ACM. Google ScholarDigital Library
- Aslan Askarov, Daniel Hedin, and Andrei Sabelfeld. Cryptographically masked information flows. In Proceedings of the International Static Analysis Symposium, LNCS, Seoul, Korea, August 2006.Google Scholar
- Lennart Augustsson. Cayenne-a language with dependent types. In Proc. 3rd ACM SIGPLAN International Conference on Functional Programming (ICFP), pages 239--250, September 1998. Google ScholarDigital Library
- Brian E. Aydemir, Arthur Charguéraud, Benjamin C. Pierce, Randy Pollack, and Stephanie Weirich. Engineering formal metatheory. In Proceedings of the 35th ACM SIGPLAN-SIGACT Symposium on Principles of Programming Languages, POPL, 2008. Google ScholarDigital Library
- Henk P. Barendregt. Lambda calculi with types. In Samson Abramsky, Dov M. Gabbay, and Thomas S. E. Maibaum, editors, Handbook of Logic in Computer Science, volume 2, pages 117--309. Clarendon Press, Oxford, 1992. Google ScholarDigital Library
- Lujo Bauer, Scott Garriss, Jonathan M. McCune, Michael K. Reiter, Jason Rouse, and Peter Rutenbar. Device-enabled authorization in the Grey system. In Information Security: 8th International Conference, ISC 2005, pages 431--445, September 2005. Google ScholarDigital Library
- Matt Bishop. Computer Security: Art and Science. Addison-Wesley Professional, 2002.Google ScholarDigital Library
- Matt Blaze, Joan Feigenbaum, and Angelos D. Keromytis. KeyNote: Trust management for public-key infrastructures (position paper). Lecture Notes in Computer Science, 1550:59--63, 1999. Google ScholarDigital Library
- J.G. Cederquist, R. Corin, M.A.C. Dekker, S. Etalle, and J.I. den Hartog. An audit logic for accountability. In The Proceedings of the 6th IEEE International Workshop on Policies for Distributed Systems and Networks, 2005. Google ScholarDigital Library
- Tom Chothia, Dominic Duggan, and Jan Vitek. Type based distributed access control. In Proceedings of the 16th IEEE Computer Security Foundations Workshop (CSFW'03), Asilomar, Ca., USA, July 2003.Google ScholarCross Ref
- Yang-Hua Chu, Joan Feigenbaum, Brian LaMacchia, Paul Resnick, and Martin Strauss. REFEREE: Trust management for web applications. Computer Networks and ISDN Systems, 29:953--964, 1997. Google ScholarDigital Library
- The Coq Development Team, LogiCal Project. The Coq Proof Assistant Reference Manual, 2006.Google Scholar
- T. Coquand and G. Huet. The calculus of constructions. Information and Computation, 76, 1988. Google ScholarDigital Library
- Haskell B. Curry, Robert Feys, and William Craig. Combinatory Logic, volume 1. North-Holland, Amsterdam, 1958.Google Scholar
- Henry DeYoung, Deepak Garg, and Frank Pfenning. An authorization logic with explicit time. In Proceedings of the 21st IEEE Computer Security Foundations Symposium (CSF-21), Pittsburgh, June 2008. Google ScholarDigital Library
- Cedric Fournet, Andrew D. Gordon, and Sergio Maffeis. A type discipline for authorization policies. In Proc. of the 14th European Symposium on Programming, April 2005. Google ScholarDigital Library
- Cedric Fournet, Andrew D. Gordon, and Sergio Maffeis. A type discipline for authorization in distributed systems. In Proc. of the 20th IEEE Computer Security Foundations Symposium, July 2007. Google ScholarDigital Library
- Peter Hancock and Anton Setzer. Interactive programs in dependent type theory. In Proceedings of the 14th Annual Conference of the EACSL on Computer Science Logic, pages 317--331, London, UK, 2000. Springer-Verlag. Google ScholarDigital Library
- W. A. Howard. The formulae-as-types notion of construction. In J. P. Seldin and J. R. Hindly, editors, To H. B. Curry: Essays on Combinatory Logic, Lambda-Calculus, and Formalism, pages 479--490. Academic Press, New York, 1980.Google Scholar
- Limin Jia, Jeffrey A. Vaughan, Karl Mazurak, Jianzhou Zhao, Luke Zarko, Joseph Schorr, and Steve Zdancewic. Aura: A programming language for authorization and audit, preliminary technical results. Technical Report MS-CIS-08-10, U. Pennsylvania, 2008.Google Scholar
- Simon Peyton Jones and Erik Meijer. Henk: A typed intermediate language. In Proceedings of the Types in Compilation Workshop, Amsterdam, June 1997.Google Scholar
- Peeter Laud. On the computational soundness of cryptographically masked flows. SIGPLAN Not., 43(1):337--348, 2008. Google ScholarDigital Library
- Peeter Laud and Varmo Vene. A type system for computationally secure information flow. In Proceedings of the 15th International Symposium on Fundamentals of Computational Theory, volume 3623, pages 365--377, Lübeck, Germany, 2005. Google ScholarDigital Library
- Daniel K. Lee, Karl Crary, and Robert Harper. Towards a mechanized metatheory of Standard ML. In POPL '07: Proceedings of the 34th Annual ACM SIGPLAN-SIGACT Symposium on Principles of Programming Languages, pages 173--184, 2007. Google ScholarDigital Library
- Conor McBride. The Epigram Prototype: a nod and two winks, April 2005. Available from http://www.e- pig.org/downloads/epigram-system.pdf.Google Scholar
- Andrew C. Myers, Stephen Chong, Nathaniel Nystrom, Lantian Zheng, and Steve Zdancewic. Jif: Java information flow. 1999.Google Scholar
- A. Nanevski, G. Morrisett, and L. Birkedal. Polymorphism and separation in Hoare Type Theory. In Proc. 11th ACM SIGPLAN International Conference on Functional Programming (ICFP), 2006. Google ScholarDigital Library
- Ulf Norell. Towards a practical programming language based on dependent type theory. PhD thesis, Department of Computer Science and Engineering, Chalmers University of Technology, SE-412 96 Göteborg, Sweden, September 2007.Google Scholar
- Simon Peyton Jones, Dimitrios Vytiniotis, Stephanie Weirich, and Geoffrey Washburn. Simple unification-based type inference for GADTs. In Proceedings of the Eleventh ACM SIGPLAN International Conference on Functional Programming, 2006. Google ScholarDigital Library
- François Pottier and Vincent Simonet. Information flow inference for ML. ACM Trans. Program. Lang. Syst., 25(1):117--158, 2003. Google ScholarDigital Library
- Geoffrey Smith and Rafael Alpízar. Secure information flow with random assignment and encryption. In Proceedings of The 4th ACM Workshop on Formal Methods in Security Engineering: From Specifications to Code (FSME'06), pages 33--43, November 2006. Google ScholarDigital Library
- Martin Sulzmann, Manuel M. T. Chakravarty, Simon Peyton Jones, and Kevin Donnelly. System F with type equality coercions. In TLDI '07: Proceedings of the 2007 ACM SIGPLAN international workshop on Types in languages design and implementation, pages 53--66, New York, NY, USA, 2007. ACM. Google ScholarDigital Library
- Nikhil Swamy, Brian J. Corcoran, and Michael Hicks. Fable: A language for enforcing user-defined security policies. In Proceedings of the IEEE Symposium on Security and Privacy (Oakland), May 2008. Google ScholarDigital Library
- Don Syme. ILX: Extending the .NET Common IL for functional language interoperability. Electronic Notes in Theoretical Computer Science, 59(1), 2001.Google Scholar
- Jeffrey A. Vaughan, Limin Jia, Karl Mazurak, and Steve Zdancewic. Evidence-based audit. In Proc. of the IEEE Computer Security Foundations Symposium, 2008. Extended version available as U. Pennsylvania Technical Report MS-CIS-08-09. Google ScholarDigital Library
- Jeffrey A. Vaughan and Steve Zdancewic. A cryptographic decentralized label model. In IEEE Symposium on Security and Privacy, pages 192--206, Berkeley, California, 2007. Google ScholarDigital Library
- Philip Wadler. Monads for functional programming. In J. Jeuring and E. Meijer, editors, Advanced Functional Programming, volume 925 of LNCS. Springer Verlag, 1995. Some errata fixed August 2001. Google ScholarDigital Library
- Philip Wadler and Robert Bruce Findler. Well-typed programs can't be blamed. In Workshop on Scheme and Functional Programming, pages 15--26, 2007.Google Scholar
- E. Westbrook, A. Stump, and I. Wehrman. A language-based approach to functionally correct imperative programming. In B. Pierce, editor, 10th ACM SIGPLAN International Conference on Functional Programming, Tallinn, Estonia, 2005. Google ScholarDigital Library
- Edward Wobber, Martín Abadi, Michael Burrows, and Butler Lampson. Authentication in the Taos operating system. ACM Trans. Comput. Syst., 12(1):3--32, 1994. Google ScholarDigital Library
- Hongwei Xi. Applied Type System (extended abstract). In post-workshop Proceedings of TYPES 2003, pages 394--408. Springer-Verlag LNCS 3085, 2004.Google Scholar
- Hongwei Xi and Frank Pfenning. Dependent types in practical programming. In Proc. 26th ACM Symp. on Principles of Programming Languages (POPL), San Antonio, Texas, September 1998. Google ScholarDigital Library
Index Terms
- AURA: a programming language for authorization and audit
Recommendations
AURA: a programming language for authorization and audit
ICFP '08: Proceedings of the 13th ACM SIGPLAN international conference on Functional programmingThis paper presents AURA, a programming language for access control that treats ordinary programming constructs (e.g., integers and recursive functions) and authorization logic constructs (e.g., principals and access control policies) in a uniform way. ...
Role-based access control for boxed ambients
Our society is increasingly moving towards richer forms of information exchange where mobility of processes and devices plays a prominent role. This tendency has prompted the academic community to study the security problems arising from such mobile ...
PBDM: a flexible delegation model in RBAC
SACMAT '03: Proceedings of the eighth ACM symposium on Access control models and technologiesRole-based access control (RBAC) is recognized as an efficient access control model for large organizations. Most organizations have some business rules related to access control policy. Delegation of authority is among these rules. RBDM0 and RDM2000 ...
Comments