The Flow-Limited Authorization Calculus
A Calculus for Flow-Limited Authorization
The flow-limited authorization calculus (flac) is a simple, expressive model for reasoning about dynamic authorization as well as an information flow control language for securely implementing various authorization mechanisms.It provides strong end-to-end information security guarantees even for programs that incorporate and implement rich dynamic authorization mechanisms.These guarantees include noninterference and robust declassification, which prevent attackers from influencing information disclosures in unauthorized ways.We prove these security properties formally for all flac programs and explore the expressiveness of the expressiveness of flac with several examples.
