CRCS Privacy & Security Lunch Seminar - Wed. March 14

Speaker: Marco Pistoia, IBM Research
Date: Wednesday, 14 March
Time: talk 12-1, discussion 1-1:30 (lunch provided)
Place: Maxwell Dworkin 2nd floor lounge

Title: “Beyond Stack Inspection: A Unified Access-Control and Information-Flow Security Model”

Abstract:
Modern component-based systems, such as Java and the Microsoft .NET Common
Language Runtime (CLR), have adopted Stack-Based Access Control (SBAC). Its
purpose is to use stack inspection to verify that all the code responsible
for a security-sensitive action is sufficiently authorized to perform that action.

Previous literature has shown that the security model enforced by SBAC is flawed in that stack inspection may allow unauthorized code no longer on the stack to influence the execution of security-sensitive code. A different approach, History-Based Access Control (HBAC), is safe but may prevent authorized code from executing a security-sensitive operation if less trusted code was previously executed. In this talk, we formally introduce Information-Based Access Control (IBAC), a novel security model that verifies that all and only the code responsible for a security-sensitive operation is sufficiently authorized. Given an access-control policy, we present a mechanism to extract from it an implicit integrity policy, and we prove that IBAC enforces both policies. Furthermore, we discuss large-scale application code scenarios to which IBAC can be successfully applied.
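The following toy runtime, added here as an illustration and not part of the talk or the authors' work, makes the two failure modes in the abstract concrete. It models the three policies side by side: SBAC checks every code unit on the call stack, HBAC checks every unit that has executed on the thread so far, and (as a simplifying assumption of this example, not the paper's formal definition) IBAC checks the units on the stack plus the units whose computations flowed into the sensitive operation's arguments. Values carry their origin set explicitly; the code units (`app.Main`, `lib.Logger`, `plugin.Untrusted`), the `FileWrite` permission and both scenarios are constructed for the demo.

```python
from dataclasses import dataclass
from typing import Callable, Dict, FrozenSet, Iterable, List, Set

MODELS = ("SBAC", "HBAC", "IBAC")

# Constructed grant table: which code units hold which permissions
# (stands in for Java protection domains / CLR code groups).
FILE_WRITE = "FileWrite"
GRANTS: Dict[str, Set[str]] = {
    "app.Main": {FILE_WRITE},
    "lib.Logger": {FILE_WRITE},
    "plugin.Untrusted": set(),  # third-party code with no FileWrite permission
}


@dataclass(frozen=True)
class Labeled:
    """A value tagged with the code units whose computation it depends on.
    In a real IBAC system this label would be tracked by the runtime or a
    static analysis; here the example code attaches it by hand."""
    value: str
    origins: FrozenSet[str]


class Runtime:
    """Toy runtime that records the current call stack and the thread's history."""

    def __init__(self) -> None:
        self.stack: List[str] = []
        self.history: List[str] = []

    def call(self, unit: str, fn: Callable[..., object], *args: object) -> object:
        """Run fn as code unit `unit`, maintaining stack and history."""
        self.stack.append(unit)
        self.history.append(unit)
        try:
            return fn(self, *args)
        finally:
            self.stack.pop()

    def responsible(self, model: str, inputs: Iterable[Labeled]) -> Set[str]:
        """Which code units does each model hold responsible for the operation?"""
        if model == "SBAC":
            return set(self.stack)                 # only code still on the stack
        if model == "HBAC":
            return set(self.history)               # everything that ran so far
        if model == "IBAC":
            out = set(self.stack)                  # callers ...
            for item in inputs:
                out |= item.origins                # ... plus whoever shaped the inputs
            return out
        raise ValueError(f"unknown model {model!r}")

    def authorized(self, model: str, perm: str, inputs: Iterable[Labeled]) -> bool:
        """The access check: every responsible unit must hold `perm`."""
        return all(perm in GRANTS[unit] for unit in self.responsible(model, inputs))


def write_file(rt: Runtime, model: str, path: Labeled) -> bool:
    """lib.Logger's security-sensitive operation; the check happens here."""
    return rt.authorized(model, FILE_WRITE, [path])


def untrusted_choose_path(rt: Runtime) -> Labeled:
    # plugin.Untrusted returns a value and is then gone from the stack.
    return Labeled("/tmp/plugin-chosen.log", frozenset({"plugin.Untrusted"}))


def untrusted_greeting(rt: Runtime) -> Labeled:
    # Unrelated work by the plugin; its result never reaches the file write.
    return Labeled("hello", frozenset({"plugin.Untrusted"}))


def scenario_plugin_influences_path(model: str) -> bool:
    """The SBAC flaw: the plugin picked the path but is off the stack at check time."""
    rt = Runtime()

    def main(rt: Runtime) -> object:
        path = rt.call("plugin.Untrusted", untrusted_choose_path)
        return rt.call("lib.Logger", write_file, model, path)

    return bool(rt.call("app.Main", main))


def scenario_plugin_ran_earlier_unrelated(model: str) -> bool:
    """The HBAC over-approximation: the plugin ran earlier but did not influence the write."""
    rt = Runtime()

    def main(rt: Runtime) -> object:
        rt.call("plugin.Untrusted", untrusted_greeting)  # result discarded
        path = Labeled("/var/log/app.log", frozenset({"app.Main"}))
        return rt.call("lib.Logger", write_file, model, path)

    return bool(rt.call("app.Main", main))


def compare_models() -> Dict[str, Dict[str, bool]]:
    """Decision table: scenario -> model -> allowed?"""
    return {
        "plugin_influences_path": {m: scenario_plugin_influences_path(m) for m in MODELS},
        "plugin_ran_earlier_unrelated": {m: scenario_plugin_ran_earlier_unrelated(m) for m in MODELS},
    }


if __name__ == "__main__":
    for name, row in compare_models().items():
        print(name, row)
```

In the first scenario SBAC allows the write (only `app.Main` and `lib.Logger` are on the stack) even though `plugin.Untrusted` chose the path, while HBAC and IBAC both deny it. In the second scenario HBAC denies the write merely because the plugin ran earlier on the thread, whereas SBAC and IBAC correctly allow it; only IBAC gets both cases right, which is the "all and only the code responsible" property the abstract describes.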

This is joint work with Anindya Banerjee (Kansas State University) and David Naumann (Stevens Institute of Technology).

BIO
Dr. Marco Pistoia has worked for IBM Corporation since January 1996 and is
currently a Research Staff Member in the Programming Languages and Software
Engineering Department at the IBM Thomas J. Watson Research Center in Hawthorne, New York. He has written ten books, filed sixteen patents, and published numerous papers and journal articles on all areas of program analysis and language-based security.
