A Distributed High Assurance Reference Monitor

Extended Abstract

Conference paper: Information Security (ISC 2004)

Part of the book series: Lecture Notes in Computer Science (LNCS, volume 3225)

Abstract

We present dharma, a distributed high assurance reference monitor that is generated mechanically by the formal methods tool PVS from a verified specification of its key algorithms. dharma supports policies that allow delegation of access rights, as well as structured, distributed names. To test dharma, we use it as the core reference monitor behind a web server that serves files over SSL connections. Our measurements show that formally verified high assurance access control systems are practical.

This work was supported by DARPA through SPAWAR contract N66001-00-C-8015 and by the DOD University Research Initiative (URI) program, administered by the Office of Naval Research under Grant N00014-01-1-0795.



Copyright information

© 2004 Springer-Verlag Berlin Heidelberg

Cite this paper

Chander, A., Dean, D., Mitchell, J. (2004). A Distributed High Assurance Reference Monitor. In: Zhang, K., Zheng, Y. (eds) Information Security. ISC 2004. Lecture Notes in Computer Science, vol 3225. Springer, Berlin, Heidelberg. https://doi.org/10.1007/978-3-540-30144-8_20

  • DOI: https://doi.org/10.1007/978-3-540-30144-8_20

  • Publisher Name: Springer, Berlin, Heidelberg

  • Print ISBN: 978-3-540-23208-7

  • Online ISBN: 978-3-540-30144-8
