Types and Abstract Interpretation for Authorization Hook Advice

Christian Skalka, David Darais, Trent Jaeger, Frank Capobianco

Research output: Chapter in Book/Report/Conference proceedingConference contribution

Abstract

Authorization hooks are access control checks that prevent unauthorized principals from interacting with some protected resource, and are used extensively in critical software such as operating systems, middleware, and server programs. They are often intended to mediate information flow between subjects (e.g., file owners), but typically in an ad-hoc manner. In this paper we present a static type and effect system for detecting whether authorization hooks in programs properly defend against undesired information flow between subjects. A significant novelty of our approach is an integrated abstract interpretation-based tool that guides system clients through the information flow consequences of access control policy decisions.

Original languageEnglish (US)
Title of host publicationProceedings - 2020 IEEE 33rd Computer Security Foundations Symposium, CSF 2020
PublisherIEEE Computer Society
Pages139-152
Number of pages14
ISBN (Electronic)9781728165721
DOIs
StatePublished - Jun 2020
Event33rd IEEE Computer Security Foundations Symposium, CSF 2020 - Virtual, Online, United States
Duration: Jun 22 2020Jun 25 2020

Publication series

NameProceedings - IEEE Computer Security Foundations Symposium
Volume2020-June
ISSN (Print)1940-1434

Conference

Conference33rd IEEE Computer Security Foundations Symposium, CSF 2020
CountryUnited States
CityVirtual, Online
Period6/22/206/25/20

All Science Journal Classification (ASJC) codes

  • Engineering(all)

Fingerprint Dive into the research topics of 'Types and Abstract Interpretation for Authorization Hook Advice'. Together they form a unique fingerprint.

Cite this