Dynamic role authorization in multiparty conversations

Published: 01 July 2016
Abstract

Protocols in distributed settings usually rely on the interaction of several parties and often identify the roles involved in communications. Roles may have a behavioral interpretation, as they do not necessarily correspond to sites or physical devices. Notions of role authorization thus become necessary to consider settings in which, e.g., different sites may be authorized to act on behalf of a single role, or in which one site may be authorized to act on behalf of different roles. This flexibility must be equipped with ways of controlling the roles that the different parties are authorized to represent, including the challenging case in which role authorizations are determined only at runtime. We present a typed framework for the analysis of multiparty interaction with dynamic role authorization and delegation. Building on previous work on conversation types with role assignment, our formal model is based on an extension of the π-calculus in which the basic resources are channel-role pairs, which denote the access right to interact along a given channel while representing the given role. To specify dynamic authorization control, our process model includes (1) a novel scoping construct for authorization domains, and (2) communication primitives for authorizations, which allow authorizations to act on a given channel to be passed around. An authorization error then corresponds to an action involving a channel and a role not enclosed by an appropriate authorization scope. We introduce a typing discipline that ensures that processes never reduce to authorization errors, including when parties dynamically acquire authorizations.
