Extensible access control with authorization contracts

Abstract

Existing programming language access control frameworks do not meet the needs of all software components. We propose an expressive framework for implementing access control monitors for components. The basis of the framework is a novel concept: the authority environment. An authority environment associates rights with an execution context. The building blocks of access control monitors in our framework are authorization contracts: software contracts that manage authority environments. We demonstrate the expressiveness of our framework by implementing a diverse set of existing access control mechanisms and writing custom access control monitors for three realistic case studies.

Document Details

Document Type
Pub Defense Publication
Publication Date
Oct 19, 2016
Source ID
10.1145/3022671.2984021

Entities

People

  • Christos Dimoulas
  • Matthew Flatt
  • Robert Bruce Findler
  • Scott A. Moore
  • Stephen Chong

Organizations

  • Air Force Office of Scientific Research
  • Google
  • Harvard University
  • National Science Foundation
  • Northwestern University
  • University of Utah

Tags

Fields of Study

  • Computer science

Readers

  • Database Systems and Applications
  • Defense Acquisition Program Management