DSpace UNL

Faculdade de Ciências e Tecnologia (FCT) >
FCT Departamentos >
FCT: Departamento de Informática >
FCT: DI - Dissertações de Mestrado >

Please use this identifier to cite or link to this item: http://hdl.handle.net/10362/2308

Título: A type system for access control in an object-oriented language
Autor: Pires, Mário Rui Dias
Orientador: Caires, Luís
Palavras-chave: Security
Access control
Type system
Issue Date: 2009
Editora: FCT - UNL
Resumo: The need for a security system to ensure the integrity of protected data leads to the development of access control systems, whose purpose is to prevent access to protected information or resources by unauthorized individuals. In this thesis, we develop and formalize a type and effect system that verifies the access control to objects in a simplified object-oriented language. Traditionally, access control is done only at run-time, using dynamic techniques, such as access control lists, that perform run-time verifications for credentials and privileges. However, these techniques increase the total execution time of an operation, potentially breaking system requirements such as usability or response time. Static approaches, based on static analysis or type systems, reduce the amount of run-time checks by doing some of those checks during compile-time, preventing the occurrence of errors before running the program and offering formal proofs of system correctness. The type system developed in this dissertation deals with the dynamic delegation of authorizations to access objects. An authorization includes the identification of the protected object and its access policy and is considered by the type system as a first class value. As such, object types are extended with policies that reflect the current privilege associated with the object, and typing an expression can produce an effect on policies. We name this new type as user type and the respective value as user view, which contain the object’s reference and a policy to access the object. We consider privileges over objects to be the methods that can be invoked. So, a policy states what methods are available to be called. When typing a method call by an user view, we are able to verify if it was authorized, that is, if the current policy says that the method is available. This mechanism allows the removal of common security specifications from class declarations, as visibility modifiers (public, private). Furthermore, we present a soundness result for our type system. We also implemented a typechecking algorithm for our type system, resulting in a tool to verify the integrity of protected objects in a system designed in the defined programming language.
Descrição: Trabalho apresentado no âmbito do Mestrado em Engenharia Informática, como requisito parcial para obtenção do grau de Mestre em Engenharia Informática
URI: http://hdl.handle.net/10362/2308
Appears in Collections:FCT: DI - Dissertações de Mestrado

Files in This Item:

File Description SizeFormat
Pires_2009.pdf536,91 kBAdobe PDFView/Open

Please give feedback about this item
FacebookTwitterDeliciousLinkedInDiggGoogle BookmarksMySpace
Formato BibTex MendeleyEndnote Logotipo do DeGóis 

Items in DSpace are protected by copyright, with all rights reserved, unless otherwise indicated.


Universidade Nova de Lisboa  - Feedback
Promotores do RCAAP   Financiadores do RCAAP

Fundação para a Ciência e a Tecnologia Universidade do Minho   Governo Português Ministério da Educação e Ciência PO Sociedade do Conhecimento (POSC) Portal oficial da União Europeia