A type system for access control in an object-oriented language
| Autor(a) principal: | |
|---|---|
| Data de Publicação: | 2009 |
| Tipo de documento: | Dissertação |
| Idioma: | eng |
| Título da fonte: | Repositório Científico de Acesso Aberto de Portugal (Repositórios Cientìficos) |
| Texto Completo: | http://hdl.handle.net/10362/2308 |
Resumo: | Trabalho apresentado no âmbito do Mestrado em Engenharia Informática, como requisito parcial para obtenção do grau de Mestre em Engenharia Informática |
| id |
RCAP_7e48b236b525e52ce6e05583ac8a98b2 |
|---|---|
| oai_identifier_str |
oai:run.unl.pt:10362/2308 |
| network_acronym_str |
RCAP |
| network_name_str |
Repositório Científico de Acesso Aberto de Portugal (Repositórios Cientìficos) |
| repository_id_str |
7160 |
| spelling |
A type system for access control in an object-oriented languageSecurityAccess controlType systemTrabalho apresentado no âmbito do Mestrado em Engenharia Informática, como requisito parcial para obtenção do grau de Mestre em Engenharia InformáticaThe need for a security system to ensure the integrity of protected data leads to the development of access control systems, whose purpose is to prevent access to protected information or resources by unauthorized individuals. In this thesis, we develop and formalize a type and effect system that verifies the access control to objects in a simplified object-oriented language. Traditionally, access control is done only at run-time, using dynamic techniques, such as access control lists, that perform run-time verifications for credentials and privileges. However, these techniques increase the total execution time of an operation, potentially breaking system requirements such as usability or response time. Static approaches, based on static analysis or type systems, reduce the amount of run-time checks by doing some of those checks during compile-time, preventing the occurrence of errors before running the program and offering formal proofs of system correctness. The type system developed in this dissertation deals with the dynamic delegation of authorizations to access objects. An authorization includes the identification of the protected object and its access policy and is considered by the type system as a first class value. As such, object types are extended with policies that reflect the current privilege associated with the object, and typing an expression can produce an effect on policies. We name this new type as user type and the respective value as user view, which contain the object’s reference and a policy to access the object. We consider privileges over objects to be the methods that can be invoked. So, a policy states what methods are available to be called. When typing a method call by an user view, we are able to verify if it was authorized, that is, if the current policy says that the method is available. This mechanism allows the removal of common security specifications from class declarations, as visibility modifiers (public, private). Furthermore, we present a soundness result for our type system. We also implemented a typechecking algorithm for our type system, resulting in a tool to verify the integrity of protected objects in a system designed in the defined programming language.This work was supported by a CITI research grantFCT - UNLCaires, LuísRUNPires, Mário Rui Dias2009-11-27T10:16:46Z20092009-01-01T00:00:00Zinfo:eu-repo/semantics/publishedVersioninfo:eu-repo/semantics/masterThesisapplication/pdfhttp://hdl.handle.net/10362/2308enginfo:eu-repo/semantics/openAccessreponame:Repositório Científico de Acesso Aberto de Portugal (Repositórios Cientìficos)instname:Agência para a Sociedade do Conhecimento (UMIC) - FCT - Sociedade da Informaçãoinstacron:RCAAP2024-03-11T03:32:28Zoai:run.unl.pt:10362/2308Portal AgregadorONGhttps://www.rcaap.pt/oai/openaireopendoar:71602024-03-20T03:15:05.196613Repositório Científico de Acesso Aberto de Portugal (Repositórios Cientìficos) - Agência para a Sociedade do Conhecimento (UMIC) - FCT - Sociedade da Informaçãofalse |
| dc.title.none.fl_str_mv |
A type system for access control in an object-oriented language |
| title |
A type system for access control in an object-oriented language |
| spellingShingle |
A type system for access control in an object-oriented language Pires, Mário Rui Dias Security Access control Type system |
| title_short |
A type system for access control in an object-oriented language |
| title_full |
A type system for access control in an object-oriented language |
| title_fullStr |
A type system for access control in an object-oriented language |
| title_full_unstemmed |
A type system for access control in an object-oriented language |
| title_sort |
A type system for access control in an object-oriented language |
| author |
Pires, Mário Rui Dias |
| author_facet |
Pires, Mário Rui Dias |
| author_role |
author |
| dc.contributor.none.fl_str_mv |
Caires, Luís RUN |
| dc.contributor.author.fl_str_mv |
Pires, Mário Rui Dias |
| dc.subject.por.fl_str_mv |
Security Access control Type system |
| topic |
Security Access control Type system |
| description |
Trabalho apresentado no âmbito do Mestrado em Engenharia Informática, como requisito parcial para obtenção do grau de Mestre em Engenharia Informática |
| publishDate |
2009 |
| dc.date.none.fl_str_mv |
2009-11-27T10:16:46Z 2009 2009-01-01T00:00:00Z |
| dc.type.status.fl_str_mv |
info:eu-repo/semantics/publishedVersion |
| dc.type.driver.fl_str_mv |
info:eu-repo/semantics/masterThesis |
| format |
masterThesis |
| status_str |
publishedVersion |
| dc.identifier.uri.fl_str_mv |
http://hdl.handle.net/10362/2308 |
| url |
http://hdl.handle.net/10362/2308 |
| dc.language.iso.fl_str_mv |
eng |
| language |
eng |
| dc.rights.driver.fl_str_mv |
info:eu-repo/semantics/openAccess |
| eu_rights_str_mv |
openAccess |
| dc.format.none.fl_str_mv |
application/pdf |
| dc.publisher.none.fl_str_mv |
FCT - UNL |
| publisher.none.fl_str_mv |
FCT - UNL |
| dc.source.none.fl_str_mv |
reponame:Repositório Científico de Acesso Aberto de Portugal (Repositórios Cientìficos) instname:Agência para a Sociedade do Conhecimento (UMIC) - FCT - Sociedade da Informação instacron:RCAAP |
| instname_str |
Agência para a Sociedade do Conhecimento (UMIC) - FCT - Sociedade da Informação |
| instacron_str |
RCAAP |
| institution |
RCAAP |
| reponame_str |
Repositório Científico de Acesso Aberto de Portugal (Repositórios Cientìficos) |
| collection |
Repositório Científico de Acesso Aberto de Portugal (Repositórios Cientìficos) |
| repository.name.fl_str_mv |
Repositório Científico de Acesso Aberto de Portugal (Repositórios Cientìficos) - Agência para a Sociedade do Conhecimento (UMIC) - FCT - Sociedade da Informação |
| repository.mail.fl_str_mv |
|
| _version_ |
1799137802770710528 |