Paralocks - Role-Based Information Flow Control and Beyond
Journal article, 2010

This paper presents Paralocks, a language for building expressive but statically verifiable fine-grained information flow policies. Paralocks combine the expressive power of Flow Locks (Broberg & Sands, ESOP'06) with the ability to express policies involving runtime principals, roles (in the style of role-based access control), and relations (such as "acts-for" in discretionary access control). We illustrate the Paralocks policy language by giving a simple encoding of Myers and Liskov's Decentralized Label Model (DLM). Furthermore, and unlike the DLM, we provide an information flow semantics for full Paralock policies. Lastly, we illustrate how Paralocks can be statically verified by providing a simple programming language incorporating Paralock policy specifications, and a static type system which soundly enforces information flow security according to the Paralock semantics.

Languages

Security

Verification

Author

Niklas Broberg

Chalmers, Computer Science and Engineering (Chalmers), Software Engineering and Technology (Chalmers)

David Sands

Chalmers, Computer Science and Engineering (Chalmers), Computing Science (Chalmers)

SIGPLAN Notices (ACM Special Interest Group on Programming Languages)

0362-1340 (ISSN)

Vol. 45, Issue 1, pp. 431-444

Subject Categories

Computer and Information Science

DOI

10.1145/1707801.1706349