Foundations of Access Control for Secure Storage Thesis Proposal

Author

  • Avik Chaudhuri
Abstract

Formal techniques have played a significant role in the study of secure communication in recent years. Specifically, there has been much research in developing process calculi, type systems, logics, and other foundations for the rigorous design and analysis of secure communication protocols. In comparison, the study of secure storage has received far less formal attention. Yet, over the years storage has assumed a pervasive role in modern computing. Now storage is a fundamental part of most networked computer systems that we rely on—and understanding secure storage is as important as understanding secure communication. One might wonder whether the foundations of secure communication already provide those of secure storage—after all, storage is a form of communication. Certainly it would be nice if techniques developed for the study of secure communication can also be applied to study secure storage. We propose to make these connections explicit. On the other hand, some distinctive features of storage pose problems for security that seem to go beyond those explored in the context of communication protocols. Perhaps the most striking of these features is access control. Indeed, storage systems typically feature access control on store operations, for various reasons that are informally linked with security. We see an intriguing and challenging research opportunity in understanding the foundations of access control for security in such systems. Therefore we propose a thorough investigation of formal techniques for the purposes of specifying, implementing, verifying, and exploiting access control in storage systems. We envisage two complementary lines of work: one that focuses on correctness proofs for various implementations of access control, and another that assumes correct “black-box” access control in proofs of end-to-end security properties. 
More specifically, we are interested in articulating and justifying precise security properties of several complex cryptographic access controls that appear in a variety of distributed storage designs. We are also interested in proof techniques that combine access control with static analysis for more concrete guarantees like secrecy and integrity. We report some preliminary work along these lines and outline related ongoing work. We also discuss work that remains to be done within the scope of this thesis—including work on consolidating and organizing the state of the art—and sketch a tentative plan of action that roughly spans the next two years. Finally, we summarize what we expect to be the main contributions of this thesis, and speculate on its likely impact on system security.


Similar resources

DoS-Resistant Attribute-Based Encryption in Mobile Cloud Computing with Revocation

Security and privacy are very important challenges for outsourced private data over cloud storage. By taking Attribute-Based Encryption (ABE) for Access Control (AC) purposes, we use fine-grained AC over cloud storage. In this paper, we extend previous Ciphertext Policy ABE (CP-ABE) schemes especially for mobile and resource-constrained devices in a cloud computing environment in two aspects, a ...


Attribute-based Access Control for Cloud-based Electronic Health Record (EHR) Systems

An electronic health record (EHR) system facilitates integrating patients' medical information and improves service productivity. However, user access to patient data in a privacy-preserving manner is still a challenging problem. Many studies are concerned with security and privacy in EHR systems. Rezaeibagha and Mu [1] have proposed a hybrid architecture for privacy-preserving accessing patient records...


Massachusetts Institute of Technology Department of Electrical Engineering and Computer Science Proposal for Thesis Research in Partial Fulfillment Of the Requirements for

Laboratory where thesis will be done CSAIL Brief Statement of the Problem: Usability and security are widely seen as two antagonistic design goals for complex computer systems. This thesis argues that conventional wisdom is wrong: for the majority of users and applications, increased security cannot be achieved with technology that decreases usability. This thesis aims to develop a set of desig...


MEng Thesis Proposal

Canetti et al. [1] have proposed a scheme to limit off-line dictionary attacks against password-protected local storage, without the use of any secure hardware or secret storage, and under the assumption that all data in local storage can be modified by the attacker. Forcing a human to take part in the login process makes this desire a reality. To gain access to the machine, the user inputs a pa...



Publication date: 2007