Abstract
We introduce a role-based access control calculus for modelling dynamic web data and a corresponding type system. It is an extension of the Xdπ calculus proposed by Gardner and Maffeis. In our framework, a network is a parallel composition of locations, where each location contains processes with roles and a data tree whose edges are associated with roles. Processes can communicate, migrate from a location to another, use the data, change the data and the roles in the local tree. In this way, we obtain a model that controls process access to data. We propose a type system which ensures that a specified network policy is respected during computations. Finally, we show that our calculus obeys the following security properties: (1) all data trees and processes with roles in a location agree with the location policy; (2) a process can migrate only to a location with whose policy it agrees; (3) a process with roles can read and modify only data which are accessible to it; (4) a process with roles can enable and disable roles in agreement with the location policy.
This is a preview of subscription content, log in via an institution to check access.
Access this chapter
Tax calculation will be finalised at checkout
Purchases are for personal use only
Preview
Unable to display preview. Download preview PDF.
References
Braghin, C., Gorla, D., Sassone, V.: Role-based access control for a distributed calculus. Journal of Computer Security 14(2), 113–155 (2006)
Bugliesi, M., Castagna, G., Crafa, S.: Access control for mobile agents: The calculus of boxed ambients. ACM Transactions on Programming Languages and Systems 26(1), 57–124 (2004)
Bugliesi, M., Crafa, S., Merro, M., Sassone, V.: Communication and mobility control in boxed ambients. Information and Computation 202(1), 39–86 (2005)
Cardelli, L., Ghelli, G., Gordon, A.D.: Types for the ambient calculus. Information and Computation 177(2), 160–194 (2002)
Castagna, G., Vitek, J., Nardelli, F.Z.: The Seal calculus. Information and Computation 201(1), 1–54 (2005)
Compagnoni, A.B., Gunter, E.L., Bidinger, P.: Role-based access control for boxed ambients. Theoretical Computer Science 398(1-3), 203–216 (2008)
Coppo, M., Dezani-Ciancaglini, M., Giovannetti, E.: Types for ambient and process mobility. Mathematical Structures in Computer Science 18, 221–290 (2008)
Dezani-Ciancaglini, M., Ghilezan, S., Pantovic, J., Varacca, D.: Security types for dynamic web data. Theoretical Computer Science 402(2-3), 156–171 (2008)
Ferraiolo, D.F., Barkley, J.F., Kuhn, D.R.: A role-based access control model and reference implementation within a corporate intranet. ACM Transactions on Information and System Security 2(1), 34–64 (1999)
Ferraiolo, D.F., Kuhn, D.R., Sandhu, R.S.: Rôle-based access control. In: NIST-NSA National Computer Security Conference, pp. 554–563 (1992)
Ferraiolo, D.F., Sandhu, R.S., Gavrila, S.I., Kuhn, D.R., Chandramouli, R.: Proposed NIST standard for role-based access control. ACM Transactions on Information and System Security 4(3), 224–274 (2001)
Gardner, P., Maffeis, S.: Modelling dynamic web data. Theoretical Computer Science 342(1), 104–131 (2005)
Garralda, P., Bonelli, E., Compagnoni, A., Dezani-Ciancaglini, M.: Boxed ambients with communication interfaces. Mathematical Structures in Computer Science 17, 1–59 (2007)
Gorla, D., Hennessy, M., Sassone, V.: Security policies as membranes in systems for global computing. Logical Methods in Computer Science 1(3:2), 331–353 (2005)
Hennessy, M.: A Distributed Pi-calculus. Cambridge University Press, Cambridge (2007)
Hennessy, M., Rathke, J., Yoshida, N.: SafeDpi: A language for controlling mobile code. Acta Informatica 42(4-5), 227–290 (2005)
Hennessy, M., Riely, J.: Resource access control in systems of mobile agents. Information and Computation 173(1), 82–120 (2002)
Kuhn, D.R., Coyne, E.J., Weil, T.R.: Adding attributes to role-based access control. Computer 43(6), 79–81 (2010)
Levi, F., Sangiorgi, D.: Controlling interference in ambients. Transactions on Programming Languages and Systems 25(1), 1–69 (2003)
Maffeis, S., Gardner, P.: Behavioural equivalences for dynamic Web data. Journal of Logic and Algebraic Programming 75(1), 86–138 (2008)
Merro, M., Hennessy, M.: A bisimulation-based semantic theory of safe ambients. ACM Transactions on Programming Languages and Systems 28(2), 290–330 (2006)
Milner, R.: Communicating and Mobile Systems: the π-Calculus. Cambridge University Press, Cambridge (1999)
Osborn, S., Sandhu, R.S., Munawer, Q.: Configuring role-based access control to enforce mandatory and discretionary access control policies. ACM Transactions on Information and System Security 3(2), 85–106 (2000)
Sandhu, R.S., Coyne, E.J., Feinstein, H.L., Youman, C.E.: Role-based access control models. IEEE Computer 29(2), 38–47 (1996)
Author information
Authors and Affiliations
Editor information
Editors and Affiliations
Rights and permissions
Copyright information
© 2011 Springer-Verlag Berlin Heidelberg
About this paper
Cite this paper
Dezani-Ciancaglini, M., Ghilezan, S., Jakšić, S., Pantović, J. (2011). Types for Role-Based Access Control of Dynamic Web Data. In: Mariño, J. (eds) Functional and Constraint Logic Programming. WFLP 2010. Lecture Notes in Computer Science, vol 6559. Springer, Berlin, Heidelberg. https://doi.org/10.1007/978-3-642-20775-4_1
Download citation
DOI: https://doi.org/10.1007/978-3-642-20775-4_1
Publisher Name: Springer, Berlin, Heidelberg
Print ISBN: 978-3-642-20774-7
Online ISBN: 978-3-642-20775-4
eBook Packages: Computer ScienceComputer Science (R0)