A type system for Discretionary Access Control

Discretionary Access Control (DAC) systems provide powerful resource management mechanisms based on the selective distribution of capabilities to selected classes of principals. We study a type-based theory of DAC models for a process calculus that extends Cardelli, Ghelli and Gordon's pi-calculus with groups (Cardelli et al. 2005). In our theory, groups play the role of principals and form the unit of abstraction for our access control policies, and types allow the specification of fine-grained access control policies to govern the transmission of names, bound the (iterated) re-transmission of capabilities and predicate their use on the inability to pass them to third parties. The type system relies on subtyping to achieve a selective distribution of capabilities to the groups that control the communication channels. We show that the typing and subtyping relationships of the calculus are decidable. We also prove a type safety result, showing that in well-typed processes all names: (i) flow according to the access control policies specified by their types; and (ii) are received at the intended sites with the intended capabilities. We illustrate the expressive power and the flexibility of the typing system using several examples.
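As an added illustration (my own simplified model, not the paper's calculus or its formal typing rules), the following Python code captures the three ideas the abstract names: groups as principals holding capabilities on a channel, subtyping as "grants no more than", and a hop bound that limits how often a capability may be re-transmitted. The `Cap`/`hops` encoding and the `transmit` check are assumptions made for this example.

```python
from dataclasses import dataclass

@dataclass(frozen=True)
class Cap:
    kind: str   # "r" = may receive on the channel, "w" = may send on it
    hops: int   # how many more times the capability may be re-transmitted

# A channel type maps each group (principal) to the capabilities it holds on the
# channel; groups absent from the map hold nothing. This is a modelling assumption.

def covers(have: frozenset, want: Cap) -> bool:
    """A held capability covers a demanded one of the same kind with no more hops."""
    return any(c.kind == want.kind and c.hops >= want.hops for c in have)

def subtype(t: dict, u: dict) -> bool:
    """t <: u when u grants no group anything t does not already grant it,
    so a name of type t may be used wherever type u is expected."""
    return all(covers(t.get(g, frozenset()), w) for g, ws in u.items() for w in ws)

def transmit(sender: str, receiver: str, chan: dict, sent: dict, declared: dict) -> frozenset:
    """One communication: `sender` passes a name of type `sent` over a channel of
    type `chan` whose payload type is `declared`. Returns the capabilities the
    receiver obtains on the name, or raises TypeError if the policy is violated."""
    if not covers(chan.get(sender, frozenset()), Cap("w", 0)):
        raise TypeError(f"{sender} may not send on this channel")
    if not covers(chan.get(receiver, frozenset()), Cap("r", 0)):
        raise TypeError(f"{receiver} may not receive on this channel")
    if not subtype(sent, declared):
        raise TypeError("transmitted name does not have the channel's payload type")
    # The receiver sees the name at the channel's declared payload type, not at the
    # richer type the sender holds, and the transmission itself spends one hop.
    got = declared.get(receiver, frozenset())
    if any(c.hops == 0 for c in got):
        raise TypeError("payload type grants a capability that may not be passed on")
    return frozenset(Cap(c.kind, c.hops - 1) for c in got)

if __name__ == "__main__":
    # Constructed example: "admin" may write channel c, "staff" may read it.
    c = {"admin": frozenset({Cap("w", 1)}), "staff": frozenset({Cap("r", 1)})}
    payload = {"staff": frozenset({Cap("r", 1)})}   # what c delivers to staff
    secret = {"admin": frozenset({Cap("r", 3), Cap("w", 3)}), "staff": frozenset({Cap("r", 2)})}
    view = {"staff": transmit("admin", "staff", c, secret, payload)}  # read-only, 0 hops left
    d = {"staff": frozenset({Cap("w", 5)}), "guest": frozenset({Cap("r", 5)})}
    try:
        transmit("staff", "guest", d, view, {"guest": frozenset({Cap("r", 0)})})
    except TypeError as err:
        print("forwarding rejected:", err)   # staff cannot hand the name to a third party
```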

[1] Ravi S. Sandhu et al. How to do discretionary access control using roles, 1998, RBAC '98.

[2] LouAnna Notargiacomo et al. Beyond the pale of MAC and DAC: defining new forms of access control, 1990, Proceedings, 1990 IEEE Computer Society Symposium on Research in Security and Privacy.

[3] Jan Vitek et al. Type-based distributed access control, 2003, 16th IEEE Computer Security Foundations Workshop, 2003, Proceedings.

[4] Naoki Kobayashi. Type-based information flow analysis for the π-calculus, 2005, Acta Informatica.

[5] Daniele Gorla et al. Resource Access and Mobility Control with Dynamic Privileges Acquisition, 2003, ICALP.

[6] Nobuko Yoshida et al. Language Primitives and Type Discipline for Structured Communication-Based Programming Revisited: Two Systems for Higher-Order Session Communication, 2007, Electron. Notes Theor. Comput. Sci.

[7] François Pottier. A simple view of type-secure information flow in the π-calculus, 2002, Proceedings 15th IEEE Computer Security Foundations Workshop, CSFW-15.

[8] Luca Cardelli et al. Secrecy and Group Creation, 2000, CONCUR.

[9] Vasco Thudichum Vasconcelos et al. Language Primitives and Type Discipline for Structured Communication-Based Programming Revisited: Two Systems for Higher-Order Session Communication, 1998, SecReT@ICALP.

[10] Martín Abadi et al. Reasoning about Cryptographic Protocols in the Spi Calculus, 1997, CONCUR.

[11] Nobuko Yoshida et al. Secure Information Flow as Typed Process Behaviour, 2000, ESOP.

[12] Jan Vitek et al. Secure composition of untrusted code: box π, wrappers, and causality types, 2003.

[13] Davide Sangiorgi et al. Typing and subtyping for mobile processes, 1993, Proceedings, Eighth Annual IEEE Symposium on Logic in Computer Science.

[14] Rocco De Nicola et al. Types for access control, 2000, Theor. Comput. Sci.

[15] Julian Rathke et al. safeDpi: a language for controlling mobile code, 2005, Acta Informatica.

[16] Andrew D. Gordon et al. A Type Discipline for Authorization in Distributed Systems, 2007, 20th IEEE Computer Security Foundations Symposium (CSF'07).

[17] Benedict G. E. Wiedemann. Protection?, 1998, Science.

[18] James Riely et al. Resource Access Control in Systems of Mobile Agents, 2002, HLCL.

[19] Fritz Henglein et al. Coinductive Axiomatization of Recursive Type Equality and Subtyping, 1998, Fundam. Informaticae.

[20] Rocco De Nicola et al. Confining data and processes in global computing applications, 2006, Sci. Comput. Program.

[21] Benjamin C. Pierce et al. Recursive subtyping revealed, 2000, Journal of Functional Programming.

[22] Michele Bugliesi et al. Secure implementations of typed channel abstractions, 2007, POPL '07.

[23] Andrew D. Gordon et al. Types and effects for asymmetric cryptographic protocols, 2002, Proceedings 15th IEEE Computer Security Foundations Workshop, CSFW-15.

[24] James Riely et al. A typed language for distributed mobile processes (extended abstract), 1998, POPL '98.

[25] Matthew Hennessy. A Typed Language for Distributed Mobile Processes, 1998.

[26] Michele Bugliesi et al. Type Based Discretionary Access Control, 2004, CONCUR.

[27] Andrew C. Myers et al. Protecting privacy using the decentralized label model, 2000, Foundations of Intrusion Tolerant Systems, 2003 (Organically Assured and Survivable Information Systems).

[28] Sabrina De Capitani di Vimercati et al. Access Control: Policies, Models, and Mechanisms, 2000, FOSAD.

[29] Fred B. Schneider et al. Enforceable security policies, 2000, TSEC.

[30] Nobuko Yoshida et al. Structured Communication-Centred Programming for Web Services, 2007, ESOP.

[31] Michele Bugliesi et al. Type Based Discretionary Access Control, 2004.

[32] James Riely et al. Information flow vs. resource access in the asynchronous pi-calculus, 2000, TOPL.