Defining and Enforcing Referential Security

  • Jed Liu
  • Andrew C. Myers
Part of the Lecture Notes in Computer Science book series (LNCS, volume 8414)

Abstract

Referential integrity, which guarantees that named resources can be accessed when referenced, is an important property for reliability and security. In distributed systems, however, the attempt to provide referential integrity can itself lead to security vulnerabilities that are not currently well understood. This paper identifies three kinds of referential security vulnerabilities related to the referential integrity of distributed, persistent information. Security conditions corresponding to the absence of these vulnerabilities are formalized. A language model is used to capture the key aspects of programming distributed systems with named, persistent resources in the presence of an adversary. The referential security of distributed systems is proved to be enforced by a new type system.

Keywords

Type system, operational semantics, typing rules, garbage collection, authority, policy

Copyright information

© Springer-Verlag Berlin Heidelberg 2014

Authors and Affiliations

  • Jed Liu (1)
  • Andrew C. Myers (1)
  1. Department of Computer Science, Cornell University, Ithaca, United States
