Types for access control

KLAIM is an experimental programming language that supports a programming paradigm where both processes and data can be moved across different computing environments. This paper presents the mathematical foundations of the KLAIM type system; this system permits checking access rights violations of mobile agents. Types are used to describe the intentions (read, write, execute, …) of processes relative to the different localities with which they are willing to interact, or to which they want to migrate. Type checking then determines whether processes comply with the declared intentions, and whether they have been assigned the necessary rights to perform the intended operations at the specified localities. The KLAIM type system encompasses both subtyping and recursively defined types. The former occurs naturally when considering hierarchies of access rights, while the latter is needed to model migration of recursive processes. © 2000 Elsevier Science B.V. All rights reserved.
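The abstract describes two checks: that a process's inferred intentions are covered by its declared intentions, and that the declared intentions are covered by the rights granted at each locality, with subtyping as inclusion of capability sets and recursive process definitions handled as a fixpoint. The following Python model is an added illustration and is not code from the paper or from the KLAIM implementation: the tiny process syntax (`Act`, `Par`, `Var`, `Nil`), the capability names `r`/`w`/`e`/`n`, the `check` function and the treatment of locality names as global identifiers (so a migrated process's intentions carry over unchanged) are all assumptions of this example, and the sample agent is constructed here.

```python
from __future__ import annotations
from dataclasses import dataclass
from typing import Dict, FrozenSet, Union

# Capabilities a process may exercise on a locality. The names follow the
# read/write/execute intentions named in the abstract; the calculus below is a
# deliberately small illustrative model (an assumption of this example), not
# the KLAIM syntax or its actual typing rules.
READ, WRITE, EXEC, NEW = "r", "w", "e", "n"

# A type maps a locality name to the capabilities used (or granted) there.
Type = Dict[str, FrozenSet[str]]


@dataclass(frozen=True)
class Act:                      # prefix action: kind@loc . cont
    kind: str                   # one of READ, WRITE, EXEC, NEW
    loc: str
    cont: "Proc"
    arg: "Proc | None" = None   # process shipped to `loc` by an EXEC action


@dataclass(frozen=True)
class Par:                      # parallel composition
    left: "Proc"
    right: "Proc"


@dataclass(frozen=True)
class Var:                      # process identifier bound by a recursive definition
    name: str


@dataclass(frozen=True)
class Nil:                      # the inert process
    pass


Proc = Union[Act, Par, Var, Nil]


def merge(a: Type, b: Type) -> Type:
    """Pointwise union of two locality -> capability maps."""
    out = dict(a)
    for loc, caps in b.items():
        out[loc] = out.get(loc, frozenset()) | caps
    return out


def intentions(p: Proc, defs: Dict[str, Proc], seen: FrozenSet[str] = frozenset()) -> Type:
    """Infer the capabilities a process will exercise at each locality.
    Recursive definitions are a least fixpoint: capability sets only grow under
    union, so re-entering a definition already on the stack adds nothing new,
    which both terminates the recursion and yields the fixpoint."""
    if isinstance(p, Nil):
        return {}
    if isinstance(p, Var):
        if p.name in seen:
            return {}
        return intentions(defs[p.name], defs, seen | {p.name})
    if isinstance(p, Par):
        return merge(intentions(p.left, defs, seen), intentions(p.right, defs, seen))
    t: Type = {p.loc: frozenset({p.kind})}
    if p.arg is not None:   # assumption: localities are global, so the shipped
        t = merge(t, intentions(p.arg, defs, seen))   # process's map is reused as-is
    return merge(t, intentions(p.cont, defs, seen))


def subtype(small: Type, big: Type) -> bool:
    """small <= big: every capability used in `small` is also present in `big`.
    This is the access-rights hierarchy: a process that only reads a locality
    may run wherever a process that reads and writes it may run."""
    return all(caps <= big.get(loc, frozenset()) for loc, caps in small.items())


def check(p: Proc, declared: Type, granted: Type, defs: Dict[str, Proc]) -> tuple:
    """Returns (process complies with its declared intentions,
                declared intentions are covered by the rights granted)."""
    inferred = intentions(p, defs)
    return subtype(inferred, declared), subtype(declared, granted)


def example() -> dict:
    # Constructed sample: a recursive agent that keeps writing then reading "db",
    # shipped by a mobile process that evaluates it at the locality "srv".
    defs = {"Agent": Act(WRITE, "db", Act(READ, "db", Var("Agent")))}
    mobile = Act(EXEC, "srv", Nil(), arg=Var("Agent"))
    declared = {"srv": frozenset({EXEC}), "db": frozenset({READ, WRITE})}
    full_rights = {"srv": frozenset({EXEC, READ}), "db": frozenset({READ, WRITE})}
    readonly_db = {"srv": frozenset({EXEC}), "db": frozenset({READ})}
    understated = {"srv": frozenset({EXEC}), "db": frozenset({READ})}
    return {
        "inferred": intentions(mobile, defs),
        "ok": check(mobile, declared, full_rights, defs),          # (True, True)
        "rights_too_weak": check(mobile, declared, readonly_db, defs),  # (True, False)
        "declaration_understates": check(mobile, understated, full_rights, defs),  # (False, True)
    }


if __name__ == "__main__":
    for name, value in example().items():
        print(name, value)
```

The two failure cases are the ones the abstract distinguishes: in `rights_too_weak` the agent is honest about writing `db` but the target node never granted write, and in `declaration_understates` the declaration claims read-only access while the inferred intentions show a write, so the process is rejected before it migrates rather than at the remote node.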
