Jia, Limin
Email Address
ORCID
Disciplines
Search Results
Now showing 1 - 4 of 4
Publication AURA: Preliminary Technical Results(2008-04-17) Jia, Limin; Vaughan, Jeffrey A; Mazurak, Karl; Zhao, Jianzhou; Zarko, Luke; Schorr, Joseph; Zdancewic, Stephan AThis paper presents AURA, a programming language for access control that treats ordinary programming constructs (e.g., integers and recursive functions) and authorization logic constructs (e.g., principals and access control policies) in a uniform way. AURA is based on polymorphic DCC and uses dependent types to permit assertions that refer directly to AURA values while keeping computation out of the assertion level to ensure tractability. The main technical results of this paper include fully mechanically verified proofs of the decidability and soundness for AURA's type system, and a prototype typechecker and interpreter.Publication Encoding Information Flow in AURA, Technical Appendix(2009-06-01) Jia, Limin; Zdancewic, Stephan ATwo of the main ways to protect security-sensitive resources in computer systems are to enforce access-control policies and information-flow policies. In this paper, we show how to enforce information-flow policies in AURA, which is a programming language for access control. When augmented with this mechanism for enforcing information-flow polices, AURA can further improve the security of reference monitors that implement access control. We show how to encode security types and lattices of security labels using AURA’s existing constructs for authorization logic. We prove a noninterference theorem for this encoding. We also investigate how to use expressive access control policies specified in authorization logic as the policies for information declassification.Publication Formally Verifiable Networking(2009-10-01) Wang, Anduo; Jia, Limin; Liu, Changbin; Loo, Boon Thau; Sokolsky, Oleg; Basu, PrithwishThis paper proposes Formally Verifiable Networking (FVN), a novel approach towards unifying the design, specification, implementation, and verification of networking protocols within a logic-based framework. In FVN, formal logical statements are used to specify the behavior and the properties of the protocol. FVN uses declarative networking as an intermediary layer between high-level logical specifications of the network model and low-level implementations. A theorem prover is used to statically verify the properties of declarative network protocols. Moreover, a property preserving translation exists for generating declarative networking implementations from verified formal specifications. We further demonstrate the possibility of designing and specifying well-behaved network protocols with correctness guarantees in FVN using meta-models in a systematic and compositional way.Publication Evidence-Based Audit, Technical Appendix(2008-04-27) Vaughan, Jeffrey A; Jia, Limin; Mazurak, Karl; Zdancewic, Stephan AAuthorization logics provide a principled and flexible approach to specifying access control policies. One of their compelling benefits is that a proof in the logic is evidence that an access-control decision has been made in accordance with policy. Using such proofs for auditing reduces the trusted computing base and enables the ability to detect flaws in complex authorization policies. Moreover, the proof structure is itself useful, because proof normalization can yield information about the relevance of policy statements. Untrusted, but well-typed, applications that access resources through an appropriate interface must obey the access control policy and create proofs useful for audit. This paper presents AURA0, an authorization logic based on a dependently-typed variant of DCC and proves the metatheoretic properties of subject-reduction and normalization. It shows the utility of proof-based auditing in a number of examples and discusses several pragmatic issues that must be addressed in this context.