TY - GEN
T1 - Types for security in a mobile world
AU - Compagnoni, Adriana B.
AU - Gunter, Elsa L.
PY - 2005
Y1 - 2005
N2 - Our society is increasingly moving towards richer forms of information exchange where mobility of processes and devices plays a prominent role. This tendency has prompted the academic community to study the security problems arising from such mobile environments, and in particular, the security policies regulating who can access the information in question. In this paper we propose a a mechanisms for specifying access privileges based on a combination of the identity of the user seeking access, its credentials, and the location from which he seeks it, within a reconfigurable nested structure. We define BACI R, a boxed ambient calculus extended with a Distributed Role-Based Access Control mechanism where each ambient controls its own access policy. A process in BACIR is associated with an owner and a set of activated roles that grant permissions for mobility and communication. The calculus includes primitives to activate and deactivate roles. The behavior of these primitives is determined by the process's owner, its current location and its currently activated roles. We consider two forms of security violations that our type system prevents: 1) attempting to move into an ambient without having the authorizing roles granting entry activated and 2) trying to use a communication port without having the roles required for access activated. We accomplish 1) and 2) by giving a static type system, an untyped transition semantics, and a typed transition semantics. We then show that a well-typed program never violates the dynamic security checks.
AB - Our society is increasingly moving towards richer forms of information exchange where mobility of processes and devices plays a prominent role. This tendency has prompted the academic community to study the security problems arising from such mobile environments, and in particular, the security policies regulating who can access the information in question. In this paper we propose a a mechanisms for specifying access privileges based on a combination of the identity of the user seeking access, its credentials, and the location from which he seeks it, within a reconfigurable nested structure. We define BACI R, a boxed ambient calculus extended with a Distributed Role-Based Access Control mechanism where each ambient controls its own access policy. A process in BACIR is associated with an owner and a set of activated roles that grant permissions for mobility and communication. The calculus includes primitives to activate and deactivate roles. The behavior of these primitives is determined by the process's owner, its current location and its currently activated roles. We consider two forms of security violations that our type system prevents: 1) attempting to move into an ambient without having the authorizing roles granting entry activated and 2) trying to use a communication port without having the roles required for access activated. We accomplish 1) and 2) by giving a static type system, an untyped transition semantics, and a typed transition semantics. We then show that a well-typed program never violates the dynamic security checks.
UR - http://www.scopus.com/inward/record.url?scp=33646190150&partnerID=8YFLogxK
UR - http://www.scopus.com/inward/citedby.url?scp=33646190150&partnerID=8YFLogxK
U2 - 10.1007/11580850_6
DO - 10.1007/11580850_6
M3 - Conference contribution
AN - SCOPUS:33646190150
SN - 3540300074
SN - 9783540300076
T3 - Lecture Notes in Computer Science (including subseries Lecture Notes in Artificial Intelligence and Lecture Notes in Bioinformatics)
SP - 75
EP - 97
BT - Lecture Notes in Computer Science (including subseries Lecture Notes in Artificial Intelligence and Lecture Notes in Bioinformatics)
T2 - International Symposium on Trustworthy Global Computing, TGC 2005
Y2 - 7 April 2005 through 9 April 2005
ER -