Advertisement

History-Based Access Control for Distributed Processes

  • Francisco Martins
  • Vasco Vasconcelos
Conference paper
Part of the Lecture Notes in Computer Science book series (LNCS, volume 3705)

Abstract

This paper presents a type system to control the migration of code between network nodes in a concurrent distributed framework, using the Dπ language. We express resource access policies as types and enforce policies via a type system. Types describe paths travelled by migrating code, enabling the control of history sensitive access to resources. Sites are logically organised in subnetworks that share the same security policies, statically specified by a network administrator. The type system guarantees that well-typed networks are exempt from security policy violations at runtime.

Keywords

Type System Security Policy Operational Semantic Migration Path Security Group 
These keywords were added by machine and not by the authors. This process is experimental and the keywords may be updated as the learning algorithm improves.

Preview

Unable to display preview. Download preview PDF.

Unable to display preview. Download preview PDF.

References

  1. 1.
    Abadi, M., Fournet, C.: Access control based on execution history. In: Proceedings of NDSSS 2003, pp. 107–121 (2003)Google Scholar
  2. 2.
    Boudol, G.: Asynchrony and the π-calculus. In: Rapport de Recherche, INRIA Sophia-Antipolis, vol. 1702 (1992)Google Scholar
  3. 3.
    Boudol, G., Castellani, I., Germain, F., Lacoste, M.: Models of distribution and mobility: State of the art. Mikado Deliverable D1.1.1 (2002)Google Scholar
  4. 4.
    Bugliesi, M., Colazzo, D., Crafa, S.: Type based discretionary access control. In: Gardner, P., Yoshida, N. (eds.) CONCUR 2004. LNCS, vol. 3170, pp. 225–239. Springer, Heidelberg (2004)CrossRefGoogle Scholar
  5. 5.
    Cardelli, L., Ghelli, G., Gordon, A.: Mobility types for mobile ambients. In: Wiedermann, J., Van Emde Boas, P., Nielsen, M. (eds.) ICALP 1999. LNCS, vol. 1644, p. 230. Springer, Heidelberg (1999)CrossRefGoogle Scholar
  6. 6.
    Cardelli, L., Ghelli, G., Gordon, A.: Ambient groups and mobility types. In: Watanabe, O., Hagiya, M., Ito, T., van Leeuwen, J., Mosses, P.D. (eds.) TCS 2000. LNCS, vol. 1872, p. 333. Springer, Heidelberg (2000)CrossRefGoogle Scholar
  7. 7.
    Cardelli, L., Gordon, A.: Mobile ambients. Theoretical Computer Science 240(1), 177–213 (2000)CrossRefzbMATHMathSciNetGoogle Scholar
  8. 8.
    Chothia, T., Stark, I.: A distributed pi-calculus with local areas of communication. ENTCS vol. 41Google Scholar
  9. 9.
    De Nicola, R., Ferrari, G., Pugliese, R.: Klaim: a Kernel Language for Agents Interaction and mobility. IEEE Trans. in Software Engineering 24(5), 315–330 (1998)CrossRefGoogle Scholar
  10. 10.
    De Nicola, R., Ferrari, G., Pugliese, R., Veneri, B.: Types for access control. Theoretical Computer Science 240(1), 215–254 (2000)CrossRefzbMATHMathSciNetGoogle Scholar
  11. 11.
    Edjlali, G., Anurag, A., Vipin, C.: History-based access-control for mobile code. In: Proceedings of CCS 1988 (1998)Google Scholar
  12. 12.
    Gorla, D., Pugliese, R.: Resource access and mobility control with dynamic privileges acquisition. In: Baeten, J.C.M., Lenstra, J.K., Parrow, J., Woeginger, G.J. (eds.) ICALP 2003. LNCS, vol. 2719, pp. 119–132. Springer, Heidelberg (2003)CrossRefGoogle Scholar
  13. 13.
    Gorla, D., Pugliese, R.: Controlling data movement in global computing applications. In: Proceedings of SAC 2004. ACM Press, New York (2004)Google Scholar
  14. 14.
    Hennessy, M., Merro, M., Rathke, J.: Towards a behavioural theory of access and mobility control in distributed systems. Theoretical Computer Science (2003)Google Scholar
  15. 15.
    Hennessy, M., Riely, J.: Resource access control in systems of mobile agents. Journal of Information and Computation 173, 82–120 (2002)CrossRefzbMATHMathSciNetGoogle Scholar
  16. 16.
    Honda, K., Tokoro, M.: An object calculus for asynchronous communication. In: America, P. (ed.) ECOOP 1991. LNCS, vol. 512, pp. 133–147. Springer, Heidelberg (1991)CrossRefGoogle Scholar
  17. 17.
    Lhoussaine, C., Sassone, V.: A dependently typed ambient calculus. In: Degano, P. (ed.) ESOP 2003. LNCS, vol. 2618, Springer, Heidelberg (2003)CrossRefGoogle Scholar
  18. 18.
    Martins, F., Ravara, A.: Typing migration control in lsdπ. In: Sabelfield, A. (ed.) Proceedings of FCS 2004. TUCS (2004)Google Scholar
  19. 19.
    Martins, F., Vasconcelos, V.: Controlling security policies in a distributed environment. DI/FCUL TR 04–01 (2004)Google Scholar
  20. 20.
    Myers, A., Liskov, B.: Protecting privacy using the decentralized label model. ACM Transactions on Software Engineering and Methodology 9(4), 410–442 (2000)CrossRefGoogle Scholar
  21. 21.
    Pierce, B., Sangiorgi, D.: Typing and subtyping for mobile processes. Mathematical Structures in Computer Science 6(5), 409–454 (1996)zbMATHMathSciNetGoogle Scholar
  22. 22.
    Ravara, A., Matos, A., Vasconcelos, V., Lopes, L.: Lexically scoping distribution: what you see is what you get. In: FGC: Foundations of Global Computing. ENTCS, vol. 85(1) Google Scholar
  23. 23.
    Zwicky, E., Cooper, S., Chapman, D.: Building Internet Firewalls, 2nd edn. O’Reilly & Associates (2000)Google Scholar

Copyright information

© Springer-Verlag Berlin Heidelberg 2005

Authors and Affiliations

  • Francisco Martins
    • 1
  • Vasco Vasconcelos
    • 2
  1. 1.Department of MathematicsUniversity of AzoresPortugal
  2. 2.Department of Informatics, Faculty of SciencesUniversity of LisbonPortugal

Personalised recommendations