Security types for dynamic web data

We describe a type system for the Xdπ calculus of Gardner and Maffeis. An Xdπ network is a network of locations, where each location consists of both a data tree (which contains scripts and pointers to nodes in trees at different locations) and a process, for modeling process interaction, process migration and interaction between processes and data. Our type system is based on types for locations, data and processes, expressing security levels. A tree can store data of different security levels, independently of the security level of the enclosing location. The access and mobility rights of a process depend on the security level of the "source" location of the process itself, i.e. of the location where the process was in the initial network or where the process was created by the activation of a script. The type system enjoys type preservation under reduction (subject reduction). As a consequence of subject reduction we prove the following security properties. In a well-typed Xdπ network, a process P whose source location is of level h can copy data of security level at most h and update data of security level less than h. Moreover, the process P can only communicate data and go to locations of security level less than or equal to h.
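The four access and mobility properties stated above, written out as a small executable model; this is an added illustration, not the paper's type system or the Xdπ calculus itself. It assumes a totally ordered chain of three levels (the paper's ordering of levels is not restated here) and represents a data tree as a flat tuple of nodes, each carrying its own level independently of the enclosing location.

```python
from dataclasses import dataclass
from enum import IntEnum


class Level(IntEnum):
    """Security levels; a constructed three-element chain, ordered by value."""
    PUBLIC = 0
    INTERNAL = 1
    SECRET = 2


@dataclass(frozen=True)
class Node:
    """A node of a location's data tree; its level need not match the location's."""
    name: str
    level: Level


@dataclass(frozen=True)
class Location:
    name: str
    level: Level
    tree: tuple  # tuple of Node (flattened tree, constructed simplification)


@dataclass(frozen=True)
class Process:
    """A process tagged with the level h of its source location."""
    name: str
    source_level: Level


def can_copy(p: Process, node: Node) -> bool:
    """Copying (reading) data is allowed when its level is at most h."""
    return node.level <= p.source_level


def can_update(p: Process, node: Node) -> bool:
    """Updating data requires its level to be strictly below h."""
    return node.level < p.source_level


def can_communicate(p: Process, node: Node) -> bool:
    """Data may be communicated only when its level is at most h."""
    return node.level <= p.source_level


def can_go(p: Process, loc: Location) -> bool:
    """Migration is allowed only to locations of level at most h."""
    return loc.level <= p.source_level


def allowed_actions(p: Process, loc: Location) -> dict:
    """Whether p may migrate to loc and, if so, (copy, update, communicate) per node."""
    result = {"go": can_go(p, loc)}
    if result["go"]:
        for n in loc.tree:
            result[n.name] = (can_copy(p, n), can_update(p, n), can_communicate(p, n))
    return result
```

A process from an INTERNAL source may enter a PUBLIC location, yet still cannot read a SECRET node stored in that location's tree, which is exactly the point of typing data independently of its enclosing location.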