Paralocks: Role-based information flow control and beyond
Paper in proceedings, 2010

This paper presents Paralocks, a language for building expressive but statically verifiable fine-grained information flow policies. Paralocks combine the expressive power of Flow Locks (Broberg & Sands, ESOP'06) with the ability to express policies involving run-time principles, roles (in the style of role-based access control), and relations (such as "acts-for" in discretionary access control). We illustrate the Paralocks policy language by giving a simple encoding of Myers and Liskov's Decentralized Label Model (DLM). Furthermore - and unlike the DLM - we provide an information flow semantics for full Paralock policies. Lastly we illustrate how Paralocks can be statically verified by providing a simple programming language incorporating Paralock policy specifications, and a static type system which soundly enforces information flow security according to the Paralock semantics.

Information flow

Language based security

Security policies

Author

Niklas Broberg

University of Gothenburg

David Sands

Chalmers, Computer Science and Engineering (Chalmers), Computing Science (Chalmers)

37th Annual ACM SIGPLAN-SIGACT Symposium on Principles of Programming Languages, POPL'10, Madrid, Spain, 17-23 January 2010

0730-8566 (ISSN)

431-444

Subject Categories

Computer Science

DOI

10.1145/1706299.1706349

ISBN

978-160558479-9

More information

Created

10/8/2017