TY - GEN
T1 - Type-based distributed access control vs. untyped attackers
AU - Chothia, Tom
AU - Duggan, Dominic
PY - 2006
Y1 - 2006
N2 - This paper considers what happens when a system erroneously places trust in an attacker. More precisely we consider untyped attackers inside a distributed system in which security is enforced by the type system. Our Key-Based Decentralised Label Model for distributed access control combines a weak form of information flow control with cryptographic type casts. We extend our model to allow inside attackers by using three sets of type rules. The first set is for honest principals. The second set is for attackers; these rules require that only communication channels can be used to communicate and express our correctness conditions. The third set of type rules are used to type processes that have become corrupted by the attackers. We show that the untyped attackers can leak their own data and disrupt the communication of any principals that place direct trust in an attacker, but no matter what the attackers try, they cannot obtain data that does not include at least one attacker in its access control policy.
AB - This paper considers what happens when a system erroneously places trust in an attacker. More precisely we consider untyped attackers inside a distributed system in which security is enforced by the type system. Our Key-Based Decentralised Label Model for distributed access control combines a weak form of information flow control with cryptographic type casts. We extend our model to allow inside attackers by using three sets of type rules. The first set is for honest principals. The second set is for attackers; these rules require that only communication channels can be used to communicate and express our correctness conditions. The third set of type rules are used to type processes that have become corrupted by the attackers. We show that the untyped attackers can leak their own data and disrupt the communication of any principals that place direct trust in an attacker, but no matter what the attackers try, they cannot obtain data that does not include at least one attacker in its access control policy.
UR - http://www.scopus.com/inward/record.url?scp=33745640519&partnerID=8YFLogxK
UR - http://www.scopus.com/inward/citedby.url?scp=33745640519&partnerID=8YFLogxK
U2 - 10.1007/11679219_15
DO - 10.1007/11679219_15
M3 - Conference contribution
AN - SCOPUS:33745640519
SN - 3540326286
SN - 9783540326281
T3 - Lecture Notes in Computer Science (including subseries Lecture Notes in Artificial Intelligence and Lecture Notes in Bioinformatics)
SP - 203
EP - 216
BT - Formal Aspects in Security and Trust - Third International Workshop, FAST 2005, Revised Selected Papers
T2 - 3rd International Workshop on Formal Aspects in Security and Trust, FAST 2005
Y2 - 18 July 2005 through 19 July 2005
ER -