TY - GEN
T1 - Types and Abstract Interpretation for Authorization Hook Advice
AU - Skalka, Christian
AU - Darais, David
AU - Jaeger, Trent
AU - Capobianco, Frank
N1 - Funding Information:
This research was supported by the National Science Foundation (NSF) under Grant Numbers CNS-1408880 and CNS-1408801.
Funding Information:
ACKNOWLEDGEMENTS We thank the reviewers for their helpful feedback in improving this work. This work was suppored in part by ODNI IARPA via 2019-1902070008, and NSF awards CCF-1901278, CNS-1718083 and CNS-1408801. The views, opinions and/or findings expresses are those of the authors and should not be interpreted as representing the official views or policies of any US Government agency. The US Government is authorized to reproduce and distribute reprints for Governmental purposes notwithstanding any copyright annotation therein.
Publisher Copyright:
© 2020 IEEE.
PY - 2020/6
Y1 - 2020/6
N2 - Authorization hooks are access control checks that prevent unauthorized principals from interacting with some protected resource, and are used extensively in critical software such as operating systems, middleware, and server programs. They are often intended to mediate information flow between subjects (e.g., file owners), but typically in an ad-hoc manner. In this paper we present a static type and effect system for detecting whether authorization hooks in programs properly defend against undesired information flow between subjects. A significant novelty of our approach is an integrated abstract interpretation-based tool that guides system clients through the information flow consequences of access control policy decisions.
AB - Authorization hooks are access control checks that prevent unauthorized principals from interacting with some protected resource, and are used extensively in critical software such as operating systems, middleware, and server programs. They are often intended to mediate information flow between subjects (e.g., file owners), but typically in an ad-hoc manner. In this paper we present a static type and effect system for detecting whether authorization hooks in programs properly defend against undesired information flow between subjects. A significant novelty of our approach is an integrated abstract interpretation-based tool that guides system clients through the information flow consequences of access control policy decisions.
UR - http://www.scopus.com/inward/record.url?scp=85090461134&partnerID=8YFLogxK
UR - http://www.scopus.com/inward/citedby.url?scp=85090461134&partnerID=8YFLogxK
U2 - 10.1109/CSF49147.2020.00018
DO - 10.1109/CSF49147.2020.00018
M3 - Conference contribution
AN - SCOPUS:85090461134
T3 - Proceedings - IEEE Computer Security Foundations Symposium
SP - 139
EP - 152
BT - Proceedings - 2020 IEEE 33rd Computer Security Foundations Symposium, CSF 2020
PB - IEEE Computer Society
T2 - 33rd IEEE Computer Security Foundations Symposium, CSF 2020
Y2 - 22 June 2020 through 25 June 2020
ER -