Type Based Discretionary Access Control

  • Conference paper

Part of the book series: Lecture Notes in Computer Science ((LNCS,volume 3170))

Abstract

Discretionary Access Control (DAC) systems provide powerful mechanisms for resource management based on the selective distribution of capabilities to selected classes of principals. We study a type-based theory of DAC models for concurrent and distributed systems represented as terms of Cardelli, Ghelli and Gordon’s pi calculus with groups [2]. In our theory, groups play the rôle of principals, and the structure of types allows fine-grained mechanisms to be specified to govern the transmission of names, to bound the (iterated) re-transmission of capabilities, to predicate their use on the inability to pass them to third parties, ... and more. The type system relies on subtyping to help achieve a selective distribution of capabilities, based on the groups in control of the communication channels. Type preservation provides the basis for a safety theorem stating that in well-typed processes all names flow according to the delivery policies specified by their types, and are received at the intended sites with the intended capabilities.

Work partially supported by EU-FET project ‘MyThS’ IST-2001-32617.
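The abstract lists four mechanisms that the types encode: which groups a name may be delivered to, a bound on how many times it may be re-transmitted, use predicated on the name being confined (no further passing to third parties), and subtyping so that a holder can hand out a weaker capability than it holds. The following is an added, deliberately simplified model of those checks written for this page; it is not the paper's typed pi calculus, and the group names, channel names and policies in it are constructed. A name is a `Cap` carrying its delivery policy, a `Channel` is controlled by one group, and every send is checked the way a type checker would reject an ill-typed output.

```python
"""Toy model of type-governed capability delivery (illustrative, not the paper's calculus)."""
from dataclasses import dataclass, replace


class PolicyViolation(Exception):
    """A delivery the policy forbids: the analogue of a typing error."""


@dataclass(frozen=True)
class Cap:
    name: str                 # the name being passed around
    receivers: frozenset      # groups (principals) allowed to receive the name
    hops: int                 # re-transmissions still allowed; 0 means "may not be forwarded"
    use_needs_confinement: bool = False  # usable only once it can no longer be forwarded

    def narrow(self, receivers=None, hops=None) -> "Cap":
        """Subtyping as narrowing: a holder may pass on a weaker capability, never a stronger one."""
        new_receivers = self.receivers if receivers is None else frozenset(receivers)
        new_hops = self.hops if hops is None else hops
        if not new_receivers <= self.receivers or not 0 <= new_hops <= self.hops:
            raise PolicyViolation(f"cannot widen the policy of {self.name}")
        return replace(self, receivers=new_receivers, hops=new_hops)

    def usable(self) -> bool:
        """Use is granted outright, or only once the name is confined (hops == 0)."""
        return not self.use_needs_confinement or self.hops == 0


@dataclass(frozen=True)
class Channel:
    name: str
    group: str   # group in control of the channel: whatever is sent on it lands at that group


def send(cap: Cap, over: Channel) -> Cap:
    """Check one output of `cap` on `over`; return the capability as the receiver holds it."""
    if cap.hops < 1:
        raise PolicyViolation(f"{cap.name} is non-forwardable, cannot send on {over.name}")
    if over.group not in cap.receivers:
        raise PolicyViolation(f"{cap.name} may not reach group {over.group} via {over.name}")
    return replace(cap, hops=cap.hops - 1)


def relay(cap: Cap, route: list) -> Cap:
    """Forward a name along a chain of channels, re-checking the policy at each hop."""
    for channel in route:
        cap = send(cap, channel)
    return cap


def allowed(cap: Cap, route: list) -> bool:
    """True when every hop of `route` passes the checks under the policy of `cap`."""
    try:
        relay(cap, route)
    except PolicyViolation:
        return False
    return True


# Constructed scenario (assumed names): group A creates a secret name that may reach
# groups B and C with at most two re-transmissions; M is a third party outside the policy.
A_TO_B = Channel("ab", group="B")
B_TO_C = Channel("bc", group="C")
B_TO_M = Channel("bm", group="M")
C_TO_B = Channel("cb", group="B")

SECRET = Cap("secret", frozenset({"B", "C"}), hops=2)
KEY = Cap("key", frozenset({"B"}), hops=1, use_needs_confinement=True)


def widen_ok() -> bool:
    """Attempt to grant SECRET to M by widening its receiver set."""
    try:
        SECRET.narrow(receivers={"B", "C", "M"})
    except PolicyViolation:
        return False
    return True


def demo() -> dict:
    """Outcomes that line up with the four mechanisms described in the abstract."""
    at_c = relay(SECRET, [A_TO_B, B_TO_C])          # A -> B -> C consumes both hops
    return {
        "reaches_c": at_c.hops == 0,                 # delivered, and now confined at C
        "third_hop_rejected": not allowed(SECRET, [A_TO_B, B_TO_C, C_TO_B]),
        "leak_to_m_rejected": not allowed(SECRET, [A_TO_B, B_TO_M]),
        "widen_rejected": not widen_ok(),
        "narrowed_route_rejected": not allowed(SECRET.narrow(hops=1), [A_TO_B, B_TO_C]),
        # KEY is not usable at A (it can still be forwarded) but becomes usable at B
        "key_usable_only_when_confined": (not KEY.usable(), send(KEY, A_TO_B).usable()),
    }
```

The model is dynamic (each send is checked as it happens) where the paper's result is static: a well-typed process is guaranteed never to attempt a rejected send. What carries over is the shape of the policy: the receiver set is what subtyping narrows, the hop count is the bound on iterated re-transmission, and `usable` captures granting use only when the recipient cannot pass the name on.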

References

  1. Abadi, M., Gordon, A.D.: Reasoning about cryptographic protocols in the π-calculus. In: Mazurkiewicz, A., Winkowski, J. (eds.) CONCUR 1997. LNCS, vol. 1243, pp. 59–73. Springer, Heidelberg (1997)

  2. Cardelli, L., Ghelli, G., Gordon, A.D.: Secrecy and group creation. In: Palamidessi, C. (ed.) CONCUR 2000. LNCS, vol. 1877, pp. 365–379. Springer, Heidelberg (2000)

  3. Chothia, T., Duggan, D., Vitek, J.: Type-based distributed access control. In: CSFW 2003, pp. 170–184. IEEE, Los Alamitos (2003)

  4. Hennessy, M., Riely, J.: Information flow vs resource access in the asynchronous π-calculus. ACM TOPLAS 24(5), 566–591 (2002)

  5. Hennessy, M., Riely, J.: Resource access control in systems of mobile agents. Information and Computation 173, 82–120 (2002)

  6. Hennessy, M., Rathke, J., Yoshida, N.: safeDpi: A language for controlling mobile code. In: Walukiewicz, I. (ed.) FOSSACS 2004. LNCS, vol. 2987, pp. 241–256. Springer, Heidelberg (2004)

  7. Honda, K., Vasconcelos, V., Kubo, M.: Language primitives and type discipline for structured communication-based programming. In: Hankin, C. (ed.) ESOP 1998 and ETAPS 1998. LNCS, vol. 1381, pp. 122–138. Springer, Heidelberg (1998)

  8. Honda, K., Vasconcelos, V.T., Yoshida, N.: Secure information flow as typed process behaviour. In: Smolka, G. (ed.) ESOP 2000 and ETAPS 2000. LNCS, vol. 1782, pp. 180–199. Springer, Heidelberg (2000)

  9. Kobayashi, N.: Type-based information flow analysis for the π-calculus. Technical Report TR03-0007, Dept. of Computer Science, Tokyo Institute of Technology (2003)

  10. Lampson, B.W.: Protection. ACM Operating Systems Review 8(1), 18–24 (1974)

  11. McCollum, C.J., Messing, J.R., Notargiacomo, L.: Beyond the pale of MAC and DAC: defining new forms of access control. In: Proc. of IEEE Symposium on Security and Privacy, pp. 190–200 (1990)

  12. Myers, A.C., Liskov, B.: Protecting privacy using the decentralized label model. ACM Trans. Softw. Eng. Methodol. (4), 410–442 (2000)

  13. Pierce, B., Sangiorgi, D.: Typing and subtyping for mobile processes. Mathematical Structures in Computer Science 6(5) (1996)

  14. Pottier, F.: A simple view of type-secure information flow in the π-calculus. In: Proceedings of the 15th IEEE Computer Security Foundations Workshop, pp. 320–330 (2002)

  15. Samarati, P., De Capitani di Vimercati, S.: Access control: Policies, models, and mechanisms. In: Focardi, R., Gorrieri, R. (eds.) FOSAD 2000. LNCS, vol. 2171, p. 137. Springer, Heidelberg (2001)

  16. Sandhu, R.S., Munawer, Q.: How to do discretionary access control using roles. In: ACM Workshop on Role-Based Access Control, pp. 47–54 (1998)

  17. Schneider, F.B.: Enforceable security policies. ACM Trans. Inf. Syst. Secur. 3(1), 30–50 (2000)

  18. Sewell, P., Vitek, J.: Secure composition of untrusted code: Box-π, wrappers and causality types. Journal of Computer Security 11(2), 135–188 (2003)

Copyright information

© 2004 Springer-Verlag Berlin Heidelberg

About this paper

Cite this paper

Bugliesi, M., Colazzo, D., Crafa, S. (2004). Type Based Discretionary Access Control. In: Gardner, P., Yoshida, N. (eds) CONCUR 2004 - Concurrency Theory. CONCUR 2004. Lecture Notes in Computer Science, vol 3170. Springer, Berlin, Heidelberg. https://doi.org/10.1007/978-3-540-28644-8_15

  • DOI: https://doi.org/10.1007/978-3-540-28644-8_15

  • Publisher Name: Springer, Berlin, Heidelberg

  • Print ISBN: 978-3-540-22940-7

  • Online ISBN: 978-3-540-28644-8