A Practical Formal Model for Safety Analysis in Capability-Based Systems

Spiessens, Fred; Roy, Peter Van

doi:10.1007/11580850_14

Cited by 13 publications

(9 citation statements)

References 16 publications

Supporting

Mentioning

Contrasting

Order By: Relevance

“…The problem is that previous research (except Spiessens [10], [11], but see Section 7) focuses on reference graph dynamics. For a state in a program's execution, the reference graph is the graph with the allocated objects as nodes, and the references they hold to each other as edges.…”

Section: Introductionmentioning

confidence: 99%

Reasoning about Object Capabilities with Logical Relations and Effect Parametricity

Devriese

Birkedal

Piessens

2016

2016 IEEE European Symposium on Security and Privacy (EuroS&P)

View full text Add to dashboard Cite

Object capabilities are a technique for fine-grained privilege separation in programming languages and systems, with important applications in security. However, current formal characterisations do not fully capture capability-safety of a programming language and are not sufficient for verifying typical applications. Using state-of-the-art techniques from programming languages research, we define a logical relation for a core calculus of JavaScript that better characterises capability-safety. The relation is powerful enough to reason about typical capability patterns and supports evolvable invariants on shared data structures, capabilities with restricted authority over them and isolated components with restricted communication channels. We use a novel notion of effect parametricity for deriving properties about effects. Our results imply memory access bounds that have previously been used to characterise capability-safety.

show abstract

Section: Introductionmentioning

confidence: 99%

Reasoning about Object Capabilities with Logical Relations and Effect Parametricity

Devriese

Birkedal

Piessens

2016

2016 IEEE European Symposium on Security and Privacy (EuroS&P)

View full text Add to dashboard Cite

show abstract

“…They discuss examples when, using data diodes, capabilities can help guarantee the mandatory access-control discipline no write down in the Bell-LaPadula model. In a similar vein, Spiessens and Van Roy [45] spell out the examples from [35] in a more abstract setting.…”

Section: Related Workmentioning

confidence: 99%

Capabilities for information flow

Birgisson

Russo

Sabelfeld

2011

Proceedings of the ACM SIGPLAN 6th Workshop on Programming Languages and Analysis for Security

View full text Add to dashboard Cite

This paper presents a capability-based mechanism for permissive yet secure enforcement of information-flow policies. Language capabilities have been studied widely, and several popular implementations, such as Caja and Joe-E, are available. By making the connection from capabilities to information flow, we enable smooth enforcement of information-flow policies using capability systems. The paper presents a transformation that given an arbitrary source program in a simple imperative language produces a secure program in a language with capabilities. We present formal guarantees of security and permissiveness and report on experiments to enforce information-flow policies for web applications using Caja.

show abstract

“…The semantics of the underlying security model are encapsulated in a few simple rules. Hence, the model and its implementation lend themselves to formal analysis [27], which we believe will allow Annex to provide very strong security guarantees.…”

Section: The Annex Security Architecturementioning

confidence: 99%

An Overview of the Annex System

Grove

Murray

Owen

et al. 2007

Twenty-Third Annual Computer Security Applications Conference (ACSAC 2007)

View full text Add to dashboard Cite

This paper describes the security and network architecture of the Annex system, a family of technologies for secure and pervasive communication and information processing that we have developed at the Australian Government's Defence Science and Technology Organisation. Our security architecture is built on top of a distributed object-capability system, which we believe provides an ideal platform for developing very high assurance devices. Our network architecture revolves around next generation networking technologies, including Mobile IPv6 and 802.11i wireless networking, but includes a small number of important extensions to improve security, robustness and mobility in the military context. A particular and unique contribution of our work is the tight integration of our very strong security architecture with next generation networking technologies. To complete the paper we describe our reference implementation of the Annex security and networking architecture, which consists of a number of devices known collectively as the Annex Ensemble.

show abstract

A Practical Formal Model for Safety Analysis in Capability-Based Systems

Cited by 13 publications

References 16 publications

Reasoning about Object Capabilities with Logical Relations and Effect Parametricity

Reasoning about Object Capabilities with Logical Relations and Effect Parametricity

Capabilities for information flow

An Overview of the Annex System

Contact Info

Product

Resources

About