Dynamic Access Control in a Concurrent Object Calculus

We develop a variant of Gordon and Hankin's concurrent object calculus with support for flexible access control on methods, and investigate safe administration and access of shared resources in the resulting language. Specifically, we present a static type system that guarantees safe manipulation of objects with respect to dynamic specifications, where such specifications are enforced by changing the access rights of the underlying methods at runtime. By labeling types with secrecy groups, we show that well-typed systems preserve their secrets amidst dynamic access control and untrusted environments.
