Abstract
Discretionary Access Control (DAC) systems provide powerful mechanisms for resource management based on the selective distribution of capabilities to selected classes of principals. We study a type-based theory of DAC models for concurrent and distributed systems represented as terms of Cardelli, Ghelli and Gordon's pi calculus with groups [2]. In our theory, groups play the role of principals, and the structure of types allows fine-grained mechanisms to be specified to govern the transmission of names, to bound the (iterated) re-transmission of capabilities, to predicate their use on the inability to pass them to third parties, and more. The type system relies on subtyping to help achieve a selective distribution of capabilities, based on the groups in control of the communication channels. Type preservation provides the basis for a safety theorem stating that in well-typed processes all names flow according to the delivery policies specified by their types, and are received at the intended sites with the intended capabilities.
Work partially supported by EU-FET project ‘MyThS’ IST-2001-32617.
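The abstract names three kinds of delivery policy (which groups may receive a name, a bound on its iterated re-transmission, and capabilities that may be used but not passed on) together with subtyping that lets a sender hand over a weaker capability than it holds. The Python below is an added illustration, not the paper's calculus or type system: it enforces such policies dynamically with a small monitor over a constructed sequence of sends, and the `Policy`/`Monitor` classes and the groups O, Admin, User and Guest are all invented here.

```python
from dataclasses import dataclass
@dataclass(frozen=True)
class Policy:
    # rights: capabilities a name carries; chain[i]: groups allowed to receive it at
    # hop i, so len(chain) bounds re-transmission and () means "use, don't forward"
    rights: frozenset
    chain: tuple

    def weaker_than(self, other):  # subtype check: grants no more than `other`
        return (self.rights <= other.rights
                and len(self.chain) <= len(other.chain)
                and all(a <= b for a, b in zip(self.chain, other.chain)))

class Violation(Exception):
    pass

class Monitor:
    """Tracks which group holds which name under which residual policy."""
    def __init__(self, holdings):
        self.holdings = dict(holdings)  # (group, name) -> Policy

    def send(self, sender, receiver, name, sent=None):
        held = self.holdings.get((sender, name))
        if held is None or not held.chain:
            raise Violation(f"{sender} holds no forwardable copy of {name}")
        if receiver not in held.chain[0]:
            raise Violation(f"{receiver} is not a permitted receiver of {name}")
        residual = Policy(held.rights, held.chain[1:])  # one hop consumed
        sent = residual if sent is None else sent
        if not sent.weaker_than(residual):              # no escalation on delivery
            raise Violation(f"{sender} tried to escalate {name}")
        self.holdings[(receiver, name)] = sent
        return sent

def demo():
    # Constructed scenario: owner O holds channel c; Admins may receive it and
    # forward it once to Users, who get a non-forwardable copy.
    G = frozenset
    m = Monitor({("O", "c"): Policy(G({"read", "write"}), (G({"Admin"}), G({"User"})))})
    m.send("O", "Admin", "c")
    got = m.send("Admin", "User", "c", Policy(G({"read"}), ()))  # narrowed copy
    out = [got == Policy(G({"read"}), ())]
    bad = [("O", "User", "c", None),                         # skips the Admin hop
           ("User", "Guest", "c", None),                     # non-forwardable copy
           ("Admin", "User", "c", Policy(G({"exec"}), ()))]  # escalates rights
    for s in bad:
        try: m.send(*s); out.append(False)
        except Violation: out.append(True)
    return out  # [True, True, True, True]
```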
References
Abadi, M., Gordon, A.D.: Reasoning about cryptographic protocols in the spi calculus. In: Mazurkiewicz, A., Winkowski, J. (eds.) CONCUR 1997. LNCS, vol. 1243, pp. 59–73. Springer, Heidelberg (1997)
Cardelli, L., Ghelli, G., Gordon, A.D.: Secrecy and Group Creation. In: Palamidessi, C. (ed.) CONCUR 2000. LNCS, vol. 1877, pp. 365–379. Springer, Heidelberg (2000)
Chothia, T., Duggan, D., Vitek, J.: Type-based distributed access control. In: CSFW 2003, pp. 170–184. IEEE, Los Alamitos (2003)
Hennessy, M., Riely, J.: Information flow vs. resource access in the asynchronous π-calculus. ACM TOPLAS 24(5), 566–591 (2002)
Hennessy, M., Riely, J.: Resource access control in systems of mobile agents. Information and Computation 173, 82–120 (2002)
Hennessy, M., Rathke, J., Yoshida, N.: safeDpi: A language for controlling mobile code. In: Walukiewicz, I. (ed.) FOSSACS 2004. LNCS, vol. 2987, pp. 241–256. Springer, Heidelberg (2004)
Honda, K., Vasconcelos, V., Kubo, M.: Language primitives and type discipline for structured communication-based programming. In: Hankin, C. (ed.) ESOP 1998 and ETAPS 1998. LNCS, vol. 1381, pp. 122–138. Springer, Heidelberg (1998)
Honda, K., Vasconcelos, V.T., Yoshida, N.: Secure Information Flow as Typed Process Behaviour. In: Smolka, G. (ed.) ESOP 2000 and ETAPS 2000. LNCS, vol. 1782, pp. 180–199. Springer, Heidelberg (2000)
Kobayashi, N.: Type-based information flow analysis for the π-calculus. Technical Report TR03-0007, Dept. of Computer Science, Tokyo Institute of Technology (2003)
Lampson, B.W.: Protection. ACM Operating Systems Rev. 8(1), 18–24 (1974)
McCollum, C.J., Messing, J.R., Notargiacomo, L.: Beyond the pale of MAC and DAC: defining new forms of access control. In: Proc. of IEEE Symposium on Security and Privacy, pp. 190–200 (1990)
Myers, A.C., Liskov, B.: Protecting privacy using the decentralized label model. ACM Trans. Softw. Eng. Methodol. (4), 410–442 (2000)
Pierce, B., Sangiorgi, D.: Typing and subtyping for mobile processes. Mathematical Structures in Computer Science 6(5) (1996)
Pottier, F.: A simple view of type-secure information flow in the π-calculus. In: Proceedings of the 15th IEEE Computer Security Foundations Workshop, pp. 320–330 (2002)
Samarati, P., di Vimercati, S.d.C.: Access control: Policies, models, and mechanisms. In: Focardi, R., Gorrieri, R. (eds.) FOSAD 2000. LNCS, vol. 2171, p. 137. Springer, Heidelberg (2001)
Sandhu, R.S., Munawer, Q.: How to do discretionary access control using roles. In: ACM Workshop on Role-Based Access Control, pp. 47–54 (1998)
Schneider, F.B.: Enforceable security policies. ACM Trans. Inf. Syst. Secur. 3(1), 30–50 (2000)
Sewell, P., Vitek, J.: Secure composition of untrusted code: Box-π, wrappers and causality types. Journal of Computer Security 11(2), 135–188 (2003)
© 2004 Springer-Verlag Berlin Heidelberg
Bugliesi, M., Colazzo, D., Crafa, S. (2004). Type Based Discretionary Access Control. In: Gardner, P., Yoshida, N. (eds) CONCUR 2004 - Concurrency Theory. CONCUR 2004. Lecture Notes in Computer Science, vol 3170. Springer, Berlin, Heidelberg. https://doi.org/10.1007/978-3-540-28644-8_15
DOI: https://doi.org/10.1007/978-3-540-28644-8_15
Publisher Name: Springer, Berlin, Heidelberg
Print ISBN: 978-3-540-22940-7
Online ISBN: 978-3-540-28644-8