
Types for Security in a Mobile World

  • Adriana B. Compagnoni
  • Elsa L. Gunter
Conference paper
Part of the Lecture Notes in Computer Science book series (LNCS, volume 3705)

Abstract

Our society is increasingly moving towards richer forms of information exchange where mobility of processes and devices plays a prominent role. This tendency has prompted the academic community to study the security problems arising from such mobile environments, and in particular, the security policies regulating who can access the information in question.

In this paper we propose a mechanism for specifying access privileges based on a combination of the identity of the user seeking access, the user's credentials, and the location from which access is sought, within a reconfigurable nested structure.

We define BACIR, a boxed ambient calculus extended with a Distributed Role-Based Access Control mechanism where each ambient controls its own access policy. A process in BACIR is associated with an owner and a set of activated roles that grant permissions for mobility and communication. The calculus includes primitives to activate and deactivate roles. The behavior of these primitives is determined by the process’s owner, its current location and its currently activated roles. We consider two forms of security violations that our type system prevents: 1) attempting to move into an ambient without having the authorizing roles granting entry activated and 2) trying to use a communication port without having the roles required for access activated. We accomplish 1) and 2) by giving a static type system, an untyped transition semantics, and a typed transition semantics. We then show that a well-typed program never violates the dynamic security checks.
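The two dynamic checks the abstract describes, as an added illustrative model that is not the paper's calculus or code: each ambient carries its own entry and port policy, a process carries an owner and a set of activated roles, and role activation depends on owner and location. Every name (the campus/lab topology, the role table, the rule that one activated authorising role suffices) is an assumption of this example.

```python
from dataclasses import dataclass, field

class SecurityViolation(Exception):
    """Raised when one of the two dynamic checks in this model fails."""

@dataclass
class Ambient:
    name: str
    entry_roles: frozenset   # roles that grant entry into this ambient
    port_roles: dict         # port name -> roles required to use that port
    children: dict = field(default_factory=dict)

@dataclass
class Process:
    owner: str
    location: Ambient
    active: set = field(default_factory=set)   # currently activated roles

# Constructed table: roles an owner may activate while in a given ambient
# (activation depends only on owner and current location in this model).
ASSIGNMENTS = {
    ("alice", "campus"): {"student"},
    ("alice", "lab"): {"student", "labmember"},
    ("bob", "campus"): {"visitor"},
}

def activate(proc, role):
    if role not in ASSIGNMENTS.get((proc.owner, proc.location.name), set()):
        raise SecurityViolation(f"{proc.owner} may not activate {role} in {proc.location.name}")
    proc.active.add(role)

def deactivate(proc, role):
    proc.active.discard(role)

def move_in(proc, child_name):
    # Violation 1: entering a child ambient with no authorising role activated.
    target = proc.location.children[child_name]
    if not proc.active & target.entry_roles:
        raise SecurityViolation(f"{proc.owner} cannot enter {child_name}")
    proc.location = target

def use_port(proc, port):
    # Violation 2: using a port without one of the roles its ambient requires.
    if not proc.active & proc.location.port_roles[port]:
        raise SecurityViolation(f"{proc.owner} cannot use port {port}")
    return True

def build_campus():
    # Constructed topology: a campus ambient containing a lab ambient.
    lab = Ambient("lab", frozenset({"student"}), {"printer": {"labmember"}})
    return Ambient("campus", frozenset(), {"notice": {"student", "visitor"}}, {"lab": lab})
```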

Keywords

Access Control, Security Policy, Trust Management, Access Policy, Access Control Model



Copyright information

© Springer-Verlag Berlin Heidelberg 2005

Authors and Affiliations

  • Adriana B. Compagnoni, Department of Computer Science, Stevens Institute of Technology, Castle Point on Hudson, Hoboken, USA
  • Elsa L. Gunter, Department of Computer Science, University of Illinois, Urbana – Champaign, Urbana, USA
