Verification of Information Flow and Access Control Policies with Dependent Types

Aleksandar Nanevski,Deepak Garg,Anindya Banerjee

doi:10.1109/sp.2011.12

Verification of Information Flow and Access Control Policies with Dependent Types

Aleksandar Nanevski, Deepak Garg + Show 1 more

Open Access

https://doi.org/10.1109/sp.2011.12

Copy DOI

Publication Date: May 1, 2011

Citations: 121

Affiliation: IMDEA Software, Carnegie Mellon University

#Information Access Control #Verification Of Information Flow + Show 8 more

Abstract
Full-Text PDF
Similar Papers

Abstract

We present Relational Hoare Type Theory (RHTT), a novel language and verification system capable of expressing and verifying rich information flow and access control policies via dependent types. We show that a number of security policies which have been formalized separately in the literature can all be expressed in RHTT using only standard type-theoretic constructions such as monads, higher-order functions, abstract types, abstract predicates, and modules. Example security policies include conditional declassification, information erasure, and state-dependent information flow and access control. RHTT can reason about such policies in the presence of dynamic memory allocation, deallocation, pointer aliasing and arithmetic. The system, theorems and examples have all been formalized in Coq.

Talk to us

Join us for a 30 min session where you can share your feedback and ask us any queries you have

Schedule a call

Similar Papers

Paper Title

Journal

Date

Author

View more papers

Disclaimer: All third-party content on this website/platform is and will remain the property of their respective owners and is provided on "as is" basis without any warranties, express or implied. Use of third-party content does not indicate any affiliation, sponsorship with or endorsement by them. Any references to third-party content is to identify the corresponding services and shall be considered fair use under The CopyrightLaw.