Types and Abstract Interpretation for Authorization Hook Advice

Authorization hooks are access control checks that prevent unauthorized principals from interacting with some protected resource, and are used extensively in critical software such as operating systems, middleware, and server programs. They are often intended to mediate information flow between subj...

Full description

Saved in:
Bibliographic Details
Published inProceedings (IEEE Computer Security Foundations Symposium) pp. 139 - 152
Main Authors Skalka, Christian, Darais, David, Jaeger, Trent, Capobianco, Frank
Format Conference Proceeding
LanguageEnglish
Published IEEE 01.06.2020
Subjects
Authorization
Linux
Servers
Sockets
Online AccessGet full text

Cover

More Information
Summary:Authorization hooks are access control checks that prevent unauthorized principals from interacting with some protected resource, and are used extensively in critical software such as operating systems, middleware, and server programs. They are often intended to mediate information flow between subjects (e.g., file owners), but typically in an ad-hoc manner. In this paper we present a static type and effect system for detecting whether authorization hooks in programs properly defend against undesired information flow between subjects. A significant novelty of our approach is an integrated abstract interpretation-based tool that guides system clients through the information flow consequences of access control policy decisions.
ISSN:2374-8303
DOI:10.1109/CSF49147.2020.00018