Paralocks - Role-Based Information Flow Control and Beyond
Artikel i vetenskaplig tidskrift, 2010

This paper presents Paralocks, a language for building expressive but statically verifiable fine-grained information flow policies. Paralocks combine the expressive power of Flow Locks (Broberg & Sands, ESOP'06) with the ability to express policies involving runtime principles, roles (in the style of role-based access control), and relations (such as "acts-for" in discretionary access control). We illustrate the Paralocks policy language by giving a simple encoding of Myers and Liskov's Decentralized Label Model (DLM). Furthermore - and unlike the DLM - we provide an information flow semantics for full Paralock policies. Lastly we illustrate how Paralocks can be statically verified by providing a simple programming language incorporating Paralock policy specifications, and a static type system which soundly enforces information flow security according to the Paralock semantics.

Languages

Security

Verification

Författare

Niklas Broberg

Chalmers, Data- och informationsteknik, Programvaruteknik (Chalmers)

David Sands

Chalmers, Data- och informationsteknik, Datavetenskap

SIGPLAN Notices (ACM Special Interest Group on Programming Languages)

0362-1340 (ISSN)

Vol. 45 1 431-444

Ämneskategorier

Data- och informationsvetenskap

DOI

10.1145/1707801.1706349