Abstract
Discretionary Access Control (DAC) systems provide powerful mechanisms for resource management based on the selective distribution of capabilities to selected classes of principals. We study a type-based theory of DAC models for concurrent and distributed systems represented as terms of Cardelli, Ghelli and Gordon’s pi calculus with groups [2]. In our theory, groups play the rôle of principals, and the structure of types allows fine-grained mechanisms to be specified to govern the transmission of names, to bound the (iterated) re-transmission of capabilities, to predicate their use on the inability to pass them to third parties, and more. The type system relies on subtyping to help achieve a selective distribution of capabilities, based on the groups in control of the communication channels. Type preservation provides the basis for a safety theorem stating that in well-typed processes all names flow according to the delivery policies specified by their types, and are received at the intended sites with the intended capabilities.
Work partially supported by EU-FET project ‘MyThS’ IST-2001-32617.
References
Abadi, M., Gordon, A.D.: Reasoning about cryptographic protocols in the π calculus. In: Mazurkiewicz, A., Winkowski, J. (eds.) CONCUR 1997. LNCS, vol. 1243, pp. 59–73. Springer, Heidelberg (1997)
Cardelli, L., Ghelli, G., Gordon, A.D.: Secrecy and Group Creation. In: Palamidessi, C. (ed.) CONCUR 2000. LNCS, vol. 1877, pp. 365–379. Springer, Heidelberg (2000)
Chothia, T., Duggan, D., Vitek, J.: Type-based distributed access control. In: CSFW 2003, pp. 170–184. IEEE, Los Alamitos (2003)
Hennessy, M., Riely, J.: Information flow vs resource access in the asynchronous π-calculus. ACM TOPLAS 24(5), 566–591 (2002)
Hennessy, M., Riely, J.: Resource access control in systems of mobile agents. I&C 173, 82–120 (2002)
Hennessy, M., Rathke, J., Yoshida, N.: safeDpi: A language for controlling mobile code. In: Walukiewicz, I. (ed.) FOSSACS 2004. LNCS, vol. 2987, pp. 241–256. Springer, Heidelberg (2004)
Honda, K., Vasconcelos, V., Kubo, M.: Language primitives and type discipline for structured communication-based programming. In: Hankin, C. (ed.) ESOP 1998 and ETAPS 1998. LNCS, vol. 1381, pp. 122–138. Springer, Heidelberg (1998)
Honda, K., Vasconcelos, V.T., Yoshida, N.: Secure Information Flow as Typed Process Behaviour. In: Smolka, G. (ed.) ESOP 2000 and ETAPS 2000. LNCS, vol. 1782, pp. 180–199. Springer, Heidelberg (2000)
Kobayashi, N.: Type-based information flow analysis for the π-calculus. Technical Report TR03-0007, Dept. of Computer Science, Tokyo Institute of Technology (2003)
Lampson, B.W.: Protection. ACM Operating Systems Rev. 8(1), 18–24 (1974)
McCollum, C.J., Messing, J.R., Notargiacomo, L.: Beyond the pale of mac and dac – defining new forms of access control. In: Proc. of IEEE Symposium on Security and Privacy, pp. 190–200 (1990)
Myers, A.C., Liskov, B.: Protecting privacy using the decentralized label model. ACM Trans. Softw. Eng. Methodol (4) 410–442 (2000)
Pierce, B., Sangiorgi, D.: Typing and subtyping for mobile processes. Mathematical Structures in Computer Science 6(5) (1996)
Pottier, F.: A simple view of type-secure information flow in the π-calculus. In: Proceedings of the 15th IEEE Computer Security Foundations Workshop, pp. 320–330 (2002)
Samarati, P., di Vimercati, S.d.C.: Access control: Policies, models, and mechanisms. In: Focardi, R., Gorrieri, R. (eds.) FOSAD 2000. LNCS, vol. 2171, p. 137. Springer, Heidelberg (2001)
Sandhu, R.S., Munawer, Q.: How to do discretionary access control using roles. In: ACM Workshop on Role-Based Access Control, pp. 47–54 (1998)
Schneider, F.B.: Enforceable security policies. ACM Trans. Inf. Syst. Secur. 3(1), 30–50 (2000)
Sewell, P., Vitek, J.: Secure composition of untrusted code: Boxmpi, wrappers and causality types. Journal of Computer Security 11(2), 135–188 (2003)
Copyright information
© 2004 Springer-Verlag Berlin Heidelberg
About this paper
Cite this paper
Bugliesi, M., Colazzo, D., Crafa, S. (2004). Type Based Discretionary Access Control. In: Gardner, P., Yoshida, N. (eds) CONCUR 2004 - Concurrency Theory. CONCUR 2004. Lecture Notes in Computer Science, vol 3170. Springer, Berlin, Heidelberg. https://doi.org/10.1007/978-3-540-28644-8_15
DOI: https://doi.org/10.1007/978-3-540-28644-8_15
Publisher Name: Springer, Berlin, Heidelberg
Print ISBN: 978-3-540-22940-7
Online ISBN: 978-3-540-28644-8
eBook Packages: Springer Book Archive