
Types for Security in a Mobile World

  • Conference paper
Trustworthy Global Computing (TGC 2005)

Part of the book series: Lecture Notes in Computer Science (LNTCS, volume 3705)


Abstract

Our society is increasingly moving towards richer forms of information exchange where mobility of processes and devices plays a prominent role. This tendency has prompted the academic community to study the security problems arising from such mobile environments, and in particular, the security policies regulating who can access the information in question.

In this paper we propose a mechanism for specifying access privileges based on a combination of the identity of the user seeking access, the user's credentials, and the location from which access is sought, within a reconfigurable nested structure.

We define BACIR, a boxed ambient calculus extended with a Distributed Role-Based Access Control mechanism in which each ambient controls its own access policy. A process in BACIR is associated with an owner and a set of activated roles that grant permissions for mobility and communication. The calculus includes primitives to activate and deactivate roles. The behavior of these primitives is determined by the process's owner, its current location and its currently activated roles. We consider two forms of security violation that our type system prevents: 1) attempting to move into an ambient without having activated the roles that authorize entry, and 2) attempting to use a communication port without having activated the roles required for access. We accomplish 1) and 2) by giving a static type system, an untyped transition semantics, and a typed transition semantics. We then show that a well-typed program never violates the dynamic security checks.
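The following is an added illustrative model, written for this page and not the paper's calculus, syntax or code, of the two dynamic checks the abstract describes: a process carrying an owner and a set of activated roles moves through nested ambients, each of which holds its own role policy, and role activation is decided by the owner, the current location and the roles already active. The ambient names, policy fields (entry roles, port roles, per-owner grants, prerequisite roles), owners and scripts are all constructed assumptions; the real calculus has parallel composition and a proper type system, whereas the ahead-of-time check here only dry-runs straight-line scripts.

```python
"""Added illustrative model of BACIR-style dynamic checks (not the paper's code).
All names, policy fields and scripts are constructed assumptions for the example."""
from dataclasses import dataclass, field
from typing import Dict, FrozenSet, List, Optional, Set, Tuple


class SecurityViolation(Exception):
    """Raised by a dynamic check: unauthorized move (1) or port use (2)."""


@dataclass
class Ambient:
    """A boxed ambient that controls its own access policy (fields are assumptions)."""
    name: str
    entry_roles: FrozenSet[str] = frozenset()                            # roles needed to move in
    port_roles: Dict[str, FrozenSet[str]] = field(default_factory=dict)  # port -> roles needed
    grants: Dict[str, FrozenSet[str]] = field(default_factory=dict)      # owner -> roles it may activate here
    prereqs: Dict[str, FrozenSet[str]] = field(default_factory=dict)     # role -> roles that must be active first
    children: Dict[str, "Ambient"] = field(default_factory=dict)
    parent: Optional["Ambient"] = None

    def add(self, child: "Ambient") -> "Ambient":
        child.parent = self
        self.children[child.name] = child
        return child


@dataclass
class Process:
    """A process with an owner, a current location and its activated roles."""
    owner: str
    location: Ambient
    active: Set[str] = field(default_factory=set)

    def activate(self, role: str) -> None:
        """Activation depends on owner, current ambient and already-active roles."""
        if role not in self.location.grants.get(self.owner, frozenset()):
            raise SecurityViolation(f"{self.owner} may not activate {role} in {self.location.name}")
        missing = self.location.prereqs.get(role, frozenset()) - self.active
        if missing:
            raise SecurityViolation(f"activating {role} needs {sorted(missing)} active first")
        self.active.add(role)

    def deactivate(self, role: str) -> None:
        self.active.discard(role)

    def enter(self, name: str) -> None:
        """Move into a child ambient: violation 1 if its entry roles are not active."""
        target = self.location.children[name]
        missing = target.entry_roles - self.active
        if missing:
            raise SecurityViolation(f"moving into {target.name} needs {sorted(missing)} active")
        self.location = target

    def use_port(self, port: str) -> None:
        """Use a port of the current ambient: violation 2 if its roles are not active."""
        required = self.location.port_roles.get(port)
        if required is None:
            raise SecurityViolation(f"no port {port} in {self.location.name}")
        missing = required - self.active
        if missing:
            raise SecurityViolation(f"port {port} in {self.location.name} needs {sorted(missing)} active")


Script = List[Tuple[str, str]]


def build_world() -> Ambient:
    """Constructed sample: a hospital ambient with a nested records ambient."""
    hospital = Ambient(
        "hospital",
        grants={"alice": frozenset({"staff", "doctor"}), "bob": frozenset({"staff"})},
        prereqs={"doctor": frozenset({"staff"})},
    )
    hospital.add(Ambient(
        "records",
        entry_roles=frozenset({"staff"}),
        port_roles={"read": frozenset({"staff"}), "write": frozenset({"doctor"})},
    ))
    return hospital


SCRIPT_OK: Script = [("activate", "staff"), ("activate", "doctor"),
                     ("enter", "records"), ("use_port", "write")]
SCRIPT_BAD: Script = [("activate", "staff"), ("enter", "records"), ("use_port", "write")]


def run(script: Script, proc: Process) -> List[str]:
    """Execute a straight-line script under the dynamic checks, returning a trace."""
    trace = []
    for op, arg in script:
        getattr(proc, op)(arg)
        trace.append(f"{op} {arg} -> {proc.location.name} roles={sorted(proc.active)}")
    return trace


def check(script: Script, owner: str, world: Ambient) -> Optional[str]:
    """Ahead-of-time check: dry-run on a fresh process; None means every step is
    authorized, so the script cannot trip a dynamic check when actually run."""
    try:
        run(script, Process(owner, world))
    except SecurityViolation as exc:
        return str(exc)
    return None


if __name__ == "__main__":
    for owner, script in [("alice", SCRIPT_OK), ("alice", SCRIPT_BAD), ("bob", SCRIPT_OK)]:
        print(owner, check(script, owner, build_world()) or "ok")
```

Running the block shows alice's first script accepted, her second rejected at the `write` port (violation 2, since `doctor` was never activated), and bob's script rejected at role activation because the hospital ambient does not grant him `doctor`; deactivating `doctor` before the port use fails the same way, which is the point of making activation and deactivation explicit primitives.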

This research was partially supported by the NSF Grant No. CCR-0220286 ITR:Secure Electronic Transactions and by US Army Research Office Grant number DAAAD19-01-1-0473.

An erratum to this chapter can be found at http://dx.doi.org/10.1007/11580850_20 .




Copyright information

© 2005 Springer-Verlag Berlin Heidelberg


Cite this paper

Compagnoni, A.B., Gunter, E.L. (2005). Types for Security in a Mobile World. In: De Nicola, R., Sangiorgi, D. (eds) Trustworthy Global Computing. TGC 2005. Lecture Notes in Computer Science, vol 3705. Springer, Berlin, Heidelberg. https://doi.org/10.1007/11580850_6


  • DOI: https://doi.org/10.1007/11580850_6

  • Publisher Name: Springer, Berlin, Heidelberg

  • Print ISBN: 978-3-540-30007-6

  • Online ISBN: 978-3-540-31483-7
