Declarative Policies for Capability Control

DSpace/Manakin Repository

Declarative Policies for Capability Control

Citable link to this page

 

 
Title: Declarative Policies for Capability Control
Author: Dimoulas, Christos; Moore, Scott David; Askarov, Aslan; Chong, Stephen N

Note: Order does not necessarily reflect citation order of authors.

Citation: Dimoulas, Christos, Scott Moore, Aslan Askarov, Stephen Chong. 2014. Declarative Policies for Capability Control. Proceedings of the 2014 IEEE 27th Computer Security Foundations Symposium: 3-17.
Full Text & Related Files:
Abstract: In capability-safe languages, components can access a resource only if they possess a capability for that resource. As a result, a programmer can prevent an untrusted component from accessing a sensitive resource by ensuring that the component never acquires the corresponding capability. In order to reason about which components may use a sensitive resource it is necessary to reason about how capabilities propagate through a system. This may be difficult, or, in the case of dynamically composed code, impossible to do before running the system. To counter this situation, we propose extensions to capability-safe languages that restrict the use of capabilities according to declarative policies. We introduce two independently useful semantic security policies to regulate capabilities and describe language-based mechanisms that enforce them. Access control policies restrict which components may use a capability and are enforced using higher-order contracts. Integrity policies restrict which components may influence (directly or indirectly) the use of a capability and are enforced using an information-flow type system. Finally, we describe how programmers can dynamically and soundly combine components that enforce access control or integrity policies with components that enforce different policies or even no policy at all.
Published Version: doi:10.1109/CSF.2014.9
Other Sources: http://people.seas.harvard.edu/~chong/abstracts/DimoulasMAC2014.html
http://csf2014.di.univr.it/index
Terms of Use: This article is made available under the terms and conditions applicable to Other Posted Material, as set forth at http://nrs.harvard.edu/urn-3:HUL.InstRepos:dash.current.terms-of-use#LAA
Citable link to this page: http://nrs.harvard.edu/urn-3:HUL.InstRepos:12226019
Downloads of this work:

Show full Dublin Core record

This item appears in the following Collection(s)

 
 

Search DASH


Advanced Search
 
 

Submitters