Abstract
Referential integrity, which guarantees that named resources can be accessed when referenced, is an important property for reliability and security. In distributed systems, however, the attempt to provide referential integrity can itself lead to security vulnerabilities that are not currently well understood. This paper identifies three kinds of referential security vulnerabilities related to the referential integrity of distributed, persistent information. Security conditions corresponding to the absence of these vulnerabilities are formalized. A language model is used to capture the key aspects of programming distributed systems with named, persistent resources in the presence of an adversary. The referential security of distributed systems is proved to be enforced by a new type system.
Copyright information
© 2014 Springer-Verlag Berlin Heidelberg
About this paper
Cite this paper
Liu, J., Myers, A.C. (2014). Defining and Enforcing Referential Security. In: Abadi, M., Kremer, S. (eds) Principles of Security and Trust. POST 2014. Lecture Notes in Computer Science, vol 8414. Springer, Berlin, Heidelberg. https://doi.org/10.1007/978-3-642-54792-8_11
DOI: https://doi.org/10.1007/978-3-642-54792-8_11
Publisher Name: Springer, Berlin, Heidelberg
Print ISBN: 978-3-642-54791-1
Online ISBN: 978-3-642-54792-8
eBook Packages: Computer Science, Computer Science (R0)