DSpace UNL

RUN >
Faculdade de Ciências e Tecnologia (FCT) >
FCT Departamentos >
FCT: Departamento de Informática >
FCT: DI - Dissertações de Mestrado >

Please use this identifier to cite or link to this item: http://hdl.handle.net/10362/2308

Title: A type system for access control in an object-oriented language
Authors: Pires, Mário Rui Dias
Advisor: Caires, Luís
Keywords: Security
Access control
Type system
Issue Date: 2009
Publisher: FCT - UNL
Abstract: The need for a security system to ensure the integrity of protected data leads to the development of access control systems, whose purpose is to prevent access to protected information or resources by unauthorized individuals. In this thesis, we develop and formalize a type and effect system that verifies the access control to objects in a simplified object-oriented language. Traditionally, access control is done only at run-time, using dynamic techniques, such as access control lists, that perform run-time verifications for credentials and privileges. However, these techniques increase the total execution time of an operation, potentially breaking system requirements such as usability or response time. Static approaches, based on static analysis or type systems, reduce the amount of run-time checks by doing some of those checks during compile-time, preventing the occurrence of errors before running the program and offering formal proofs of system correctness. The type system developed in this dissertation deals with the dynamic delegation of authorizations to access objects. An authorization includes the identification of the protected object and its access policy and is considered by the type system as a first class value. As such, object types are extended with policies that reflect the current privilege associated with the object, and typing an expression can produce an effect on policies. We name this new type as user type and the respective value as user view, which contain the object’s reference and a policy to access the object. We consider privileges over objects to be the methods that can be invoked. So, a policy states what methods are available to be called. When typing a method call by an user view, we are able to verify if it was authorized, that is, if the current policy says that the method is available. This mechanism allows the removal of common security specifications from class declarations, as visibility modifiers (public, private). Furthermore, we present a soundness result for our type system. We also implemented a typechecking algorithm for our type system, resulting in a tool to verify the integrity of protected objects in a system designed in the defined programming language.
Description: Trabalho apresentado no âmbito do Mestrado em Engenharia Informática, como requisito parcial para obtenção do grau de Mestre em Engenharia Informática
URI: http://hdl.handle.net/10362/2308
Appears in Collections:FCT: DI - Dissertações de Mestrado

Files in This Item:

File Description SizeFormat
Pires_2009.pdf536.91 kBAdobe PDFView/Open
Statistics
View Statistics
FacebookTwitterDeliciousLinkedInDiggGoogle BookmarksMySpaceOrkut
Formato BibTex mendeley Endnote Logotipo do DeGóis 

Items in DSpace are protected by copyright, with all rights reserved, unless otherwise indicated.

 

Universidade Nova de Lisboa  - Statistics  - Feedback
Estamos no RCAAP Governo Português separator Ministério da Educação e Ciência   Fundação para a Ciência e a Tecnologia

Financiado por:

POS_C UE