
| Field | Value | Language |
| --- | --- | --- |
| dc.contributor.author | Dimoulas, Christos | |
| dc.contributor.author | Moore, Scott David | |
| dc.contributor.author | Askarov, Aslan | |
| dc.contributor.author | Chong, Stephen N | |
| dc.date.accessioned | 2014-06-03T13:54:28Z | |
| dc.date.issued | 2014 | |
| dc.identifier | Quick submit: 2014-06-01T07:41:52-04:00 | |
| dc.identifier.citation | Dimoulas, Christos, Scott Moore, Aslan Askarov, Stephen Chong. 2014. Declarative Policies for Capability Control. Proceedings of the 2014 IEEE 27th Computer Security Foundations Symposium: 3-17. | en_US |
| dc.identifier.uri | http://nrs.harvard.edu/urn-3:HUL.InstRepos:12226019 | |
| dc.description.abstract | In capability-safe languages, components can access a resource only if they possess a capability for that resource. As a result, a programmer can prevent an untrusted component from accessing a sensitive resource by ensuring that the component never acquires the corresponding capability. In order to reason about which components may use a sensitive resource it is necessary to reason about how capabilities propagate through a system. This may be difficult, or, in the case of dynamically composed code, impossible to do before running the system. To counter this situation, we propose extensions to capability-safe languages that restrict the use of capabilities according to declarative policies. We introduce two independently useful semantic security policies to regulate capabilities and describe language-based mechanisms that enforce them. Access control policies restrict which components may use a capability and are enforced using higher-order contracts. Integrity policies restrict which components may influence (directly or indirectly) the use of a capability and are enforced using an information-flow type system. Finally, we describe how programmers can dynamically and soundly combine components that enforce access control or integrity policies with components that enforce different policies or even no policy at all. | en_US |
| dc.description.sponsorship | Engineering and Applied Sciences | en_US |
| dc.language.iso | en_US | en_US |
| dc.publisher | Institute of Electrical and Electronics Engineers | en_US |
| dc.relation.isversionof | doi:10.1109/CSF.2014.9 | en_US |
| dc.relation.hasversion | http://people.seas.harvard.edu/~chong/abstracts/DimoulasMAC2014.html | en_US |
| dc.relation.hasversion | http://csf2014.di.univr.it/index | en_US |
| dash.license | LAA | |
| dc.subject | Capabilities | en_US |
| dc.subject | Capability policies | en_US |
| dc.subject | Information-flow control | en_US |
| dc.subject | Language-based security | en_US |
| dc.title | Declarative Policies for Capability Control | en_US |
| dc.type | Conference Paper | en_US |
| dc.date.updated | 2014-06-01T11:41:53Z | |
| dc.description.version | Author's Original | en_US |
| dc.rights.holder | Christos Dimoulas, Scott Moore, Aslan Askarov, and Stephen Chong | |
| dc.relation.journal | Proceedings of the 27th IEEE Computer Security Foundations Symposium | en_US |
| dash.depositing.author | Chong, Stephen N | |
| dc.date.available | 2014-06-03T13:54:28Z | |
| dc.identifier.doi | 10.1109/CSF.2014.9 | * |
| workflow.legacycomments | | en_US |
| dash.contributor.affiliated | Askarov, Aslan | |
| dash.contributor.affiliated | Dimoulas, Christos | |
| dash.contributor.affiliated | Moore, Scott David | |
| dash.contributor.affiliated | Chong, Stephen | |

