
Dynamic management of capabilities in a network aware coordination language. (English) Zbl 1183.68041

Summary: We introduce a capability-based access control model integrated into a linguistic formalism for modelling network-aware systems and applications. The model supports the specification and dynamic modification of policies that control process activities (code mobility and resource access). A combination of static checking, dynamic checking and in-lined reference monitoring guarantees the absence of run-time errors caused by missing capabilities. We illustrate the usefulness of the framework by implementing a simplified but realistic scenario. Finally, we show how the model can be tailored to different forms of capability acquisition and loss, which yields different variants of the access control policy.
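To make the three mechanisms named in the summary concrete, here is a small executable model, written for this page and not taken from the paper or from Klaim/Klava: a Linda-style net of tuple spaces in which each process carries a set of (location, action) capabilities. Before a process starts, a static check collects the capabilities needed by every action whose target location is a literal and refuses the process if any are missing; actions whose target is only known at run time (bound by an earlier in/read) are left to an in-lined reference monitor that runs before each step. Capabilities can be acquired by reading a tuple that carries them, and a use-once flag models one form of capability loss. The locations ("registry", "store"), the grant tuple and the process definitions are constructed sample data, and the choice of which ops exist (out/in/read/eval) is this example's own simplification.

```python
from dataclasses import dataclass, field

class CapabilityError(Exception):
    """An action is not covered by the capabilities its process holds."""

@dataclass
class Process:
    name: str
    caps: set      # held capabilities: {(location, action), ...}
    actions: list  # [(op, target, payload)]; a target "?x" is a variable bound at run time
    env: dict = field(default_factory=dict)  # bindings produced by in/read

class Net:
    def __init__(self, locations, use_once=False):
        self.spaces = {loc: [] for loc in locations}  # location -> tuple space
        self.use_once = use_once  # loss policy: a capability is consumed by its first use

    def static_missing(self, proc):
        """Static check: capabilities needed by actions whose target is a literal location."""
        needed = {(t, op) for op, t, _ in proc.actions if not t.startswith("?")}
        return needed - proc.caps

    def _monitor(self, proc, loc, op):
        """In-lined reference monitor, run immediately before every action."""
        if (loc, op) not in proc.caps:
            raise CapabilityError(f"{proc.name}: no '{op}' capability on {loc}")
        if self.use_once:
            proc.caps.discard((loc, op))

    @staticmethod
    def _matches(pattern, tup):
        """Linda-style matching: "!x" fields bind, other fields must be equal."""
        return len(pattern) == len(tup) and all(
            (isinstance(p, str) and p.startswith("!")) or p == v for p, v in zip(pattern, tup))

    def run(self, proc):
        missing = self.static_missing(proc)
        if missing:  # refuse to start a process that is certain to fail at run time
            raise CapabilityError(f"{proc.name}: rejected statically, missing {sorted(missing)}")
        for op, target, payload in proc.actions:
            loc = proc.env[target[1:]] if target.startswith("?") else target
            self._monitor(proc, loc, op)
            self._step(proc, op, loc, payload)

    def _step(self, proc, op, loc, payload):
        space = self.spaces[loc]
        if op == "out":
            space.append(payload)
        elif op in ("in", "read"):
            tup = next(t for t in space if self._matches(payload, t))  # blocking in the calculus; simplified here
            if op == "in":
                space.remove(tup)
            for p, v in zip(payload, tup):
                if isinstance(p, str) and p.startswith("!"):
                    proc.env[p[1:]] = v
                    if isinstance(v, frozenset):  # acquisition: a tuple field may carry capabilities
                        proc.caps |= v
        elif op == "eval":  # mobility: the spawned process is checked with its own capabilities
            self.run(payload)

def build_net(use_once=False):
    net = Net(["registry", "store"], use_once)
    # Constructed sample data: a grant tuple naming a location and the capability set for it.
    net.spaces["registry"].append(("grant", "store", frozenset({("store", "out")})))
    return net

def client():
    """Holds only the right to read the registry; learns where and how to write from a tuple."""
    return Process("client", caps={("registry", "in")}, actions=[
        ("in", "registry", ("grant", "!dest", "!c")),
        ("out", "?dest", ("data", 42)),
        ("out", "?dest", ("data", 43))])

def demo_acquisition():
    net = build_net()
    net.run(client())  # static check sees only ("registry", "in"); the monitor checks the two outs
    return net.spaces["store"]

def demo_static_reject():
    bad = Process("intruder", caps=set(), actions=[("out", "store", ("data", 0))])
    try:
        build_net().run(bad)
    except CapabilityError as e:
        return str(e)

def demo_use_once():
    net = build_net(use_once=True)
    try:
        net.run(client())  # second out fails: the acquired capability was consumed by the first
    except CapabilityError:
        return net.spaces["store"]

def demo_mobility():
    net = build_net()
    net.spaces["store"].append(("data", 7))
    agent = Process("agent", caps={("store", "read")}, actions=[("read", "store", ("data", "!x"))])
    mover = Process("mover", caps={("store", "eval")}, actions=[("eval", "store", agent)])
    net.run(mover)
    return agent.env["x"]
```

The division of labour is the point: `static_missing` rejects the intruder before it touches the net, whereas the client's two `out` actions cannot be checked statically because `?dest` is unknown until the grant tuple has been consumed, so `_monitor` decides them at run time. Flipping `use_once` changes only the loss policy and nothing in the checking machinery, which is the kind of variation the summary describes.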

MSC:

68M10 Network design and communication in computer systems
68N15 Theory of programming languages

References:

[1] Abadi, M., Logic in access control, (18th IEEE Symposium on Logic in Computer Science (LICS 2003) (2003), IEEE Computer Society), 228-233
[2] M. Abadi, C. Fournet, Mobile values, new names, and secure communication, in: POPL, 2001, pp. 104-115. · Zbl 1323.68398
[3] M. Abadi, C. Fournet, Access control based on execution history, in: 10th Annual Network and Distributed System Security Symposium (NDSS’03), The Internet Society, 2003.
[4] Adão, P.; Fournet, C., Cryptographically sound implementations for communicating processes, (Bugliesi, M.; Preneel, B.; Sassone, V.; Wegener, I., ICALP (2), Lecture Notes in Computer Sciences, vol. 4052 (2006), Springer), 83-94 · Zbl 1133.94342
[5] Arnold, K.; Freeman, E.; Hupfer, S., JavaSpaces Principles, Patterns and Practice (1999), Addison-Wesley
[6] D. Balzarotti, M. Cova, V. Felmetsger, N. Jovanovic, E. Kirda, C. Kruegel, G. Vigna, Saner: composing static and dynamic analysis to validate sanitization in web applications, in: IEEE Symposium on Security and Privacy, 2008, pp. 387-401.
[7] S. Bandhakavi, W. Winsborough, M. Winslett, A trust management approach for flexible policy management in security-typed languages, in: CSF’08: Proceedings of the 21st IEEE Computer Security Foundations Symposium, IEEE Computer Society, 2008, pp. 33-47.
[8] Bettini, L.; De Nicola, R.; Pugliese, R., Klava: a Java Package for Distributed and Mobile Applications, Software - Practice and Experience, 32, 1365-1394 (2002) · Zbl 1009.68933
[9] Blaze, M.; Feigenbaum, J.; Keromytis, A. D., The role of trust management in distributed systems security, (Secure Internet Programming: Issues in Distributed and Mobile Object Systems, LNCS, vol. 1603 (1999), Springer-Verlag), 185-210
[10] M. Blaze, J. Feigenbaum, J. Lacy, Decentralized trust management, in: IEEE Symposium on Security and Privacy, 1996, pp. 164-173.
[11] Bugliesi, M.; Castagna, G.; Crafa, S., Access control for mobile agents: the calculus of boxed ambients, ACM Trans. Program. Lang. Syst., 26, 1, 57-124 (2004)
[12] Bugliesi, M.; Giunti, M., Secure implementations of typed channel abstractions, (Hofmann, M.; Felleisen, M., POPL (2007), ACM), 251-262 · Zbl 1295.68078
[13] Cardelli, L.; Ghelli, G.; Gordon, A. D., Types for the ambient calculus, J. Inform. Comput., 177, 2, 160-194 (2002) · Zbl 1093.68060
[14] L. Cardelli, A.D. Gordon, Mobile ambients, Theoret. Comput. Sci. 240(1) (2000) 177-213; an extended abstract in: Proceedings of FoSSaCS’98, Lecture Notes in Computer Science, vol. 1378, Springer, 1998, pp. 140-155. · Zbl 0954.68108
[15] Castagna, G.; Vitek, J.; Nardelli, F. Z., The seal calculus, Inf. Comput., 201, 1, 1-54 (2005) · Zbl 1101.68060
[16] Chaudhuri, A., Dynamic access control in a concurrent object calculus, (Proceedings of CONCUR. Proceedings of CONCUR, LNCS, vol. 4137 (2006), Springer), 263-278 · Zbl 1151.68518
[17] A. Chaudhuri, M. Abadi, Secrecy by typing and file-access control, in: CSFW’06: Proceedings of the 19th IEEE Workshop on Computer Security Foundations, IEEE Computer Society, 2006, pp. 112-123.
[18] Chen, H.; Chong, S., Owned policies for information security, (Proceedings of CSFW (2004), IEEE Computer Society), 126-138
[19] Chu, Y.-H.; Feigenbaum, J.; LaMacchia, B. A.; Resnick, P.; Strauss, M., Referee: trust management for web applications, Comput. Networks, 29, 8-13, 953-964 (1997)
[20] V.-L. Chung, C.S. MacDonald, The development of a distributed capability system for VLOS, in: F. Lai, J. Morris (Eds.), Seventh Asia-Pacific Computer Systems Architectures Conference (ACSAC2002), Melbourne, Australia, 2002.
[21] Ciancarini, P.; Tolksdorf, R.; Vitali, F.; Rossi, D.; Knoche, A., Coordinating multiagent applications on the WWW: a reference architecture, IEEE Transactions on Software Engineering, 24, 5, 362-366 (1998)
[22] Coppo, M.; Dezani, M.; Giovannetti, E.; Pugliese, R., Dynamic and local typing for mobile ambients, (Proceedings of IFIP-TCS’04 (2004), Kluwer), 577-590 · Zbl 1094.68060
[23] Czerwinski, S. E.; Zhao, B. Y.; Hodes, T. D.; Joseph, A. D.; Katz, R. H., An architecture for a secure service discovery service, (MobiCom’99: Proceedings of the 5th Annual ACM/IEEE International Conference on Mobile Computing and Networking (1999), ACM Press), 24-35
[24] De Nicola, R.; Ferrari, G.; Pugliese, R., Klaim: a kernel language for agents interaction and mobility, IEEE Transactions on Software Engineering, 24, 5, 315-330 (1998)
[25] De Nicola, R.; Ferrari, G.; Pugliese, R.; Venneri, B., Types for access control, Theoret. Comput. Sci., 240, 1, 215-254 (2000) · Zbl 0954.68025
[26] Degano, P.; Levi, F.; Bodei, C., Safe ambients: control flow analysis and security, (ASIAN Computing Science Conference - ASIAN’00. ASIAN Computing Science Conference - ASIAN’00, LNCS, vol. 1961 (2000), Springer), 199-214 · Zbl 0988.68543
[27] C. Ellison, B. Frantz, B. Lampson, R. Rivest, B. Thomas, T. Ylonen, SPKI certificate theory, IETF RFC 2693, September 1999.
[28] Focardi, R.; Lucchi, R.; Zavattaro, G., Secure shared data-space coordination languages: a process algebraic survey, Sci. Comput. Program., 63, 1, 3-15 (2006) · Zbl 1103.68432
[29] Fournet, C.; Gonthier, G.; Levy, J. J.; Maranget, L.; Remy, D., A calculus of mobile agents, (Montanari, U.; Sassone, V., Proceedings of 7th Int. Conf. on Concurrency Theory (CONCUR’96). Proceedings of 7th Int. Conf. on Concurrency Theory (CONCUR’96), LNCS, vol. 1119 (1996), Springer-Verlag), 406-421 · Zbl 1514.68166
[30] C. Fournet, T. Rezk, Cryptographically sound implementations for typed information-flow security, in: G.C. Necula, P. Wadler (Eds.), 35th ACM SIGPLAN-SIGACT Symposium on Principles of Programming Languages (POPL), 2008, pp. 323-335. · Zbl 1295.94065
[31] Gelernter, D., Generative communication in Linda, ACM Transactions on Programming Languages and Systems, 7, 1, 80-112 (1985) · Zbl 0559.68030
[32] D. Gelernter, Multiple tuple spaces in Linda, in: J.G. Goos (Ed.), Proceedings, PARLE’89, LNCS, vol. 365, 1989, pp. 20-27.
[33] L. Gong, A secure identity-based capability system, in: IEEE Symposium on Security and Privacy, 1989, pp. 56-65.
[34] Gorla, D.; Pugliese, R., Enforcing security policies via types, (Proceedings of Security in Pervasive Computing (SPC’03). Proceedings of Security in Pervasive Computing (SPC’03), LNCS, vol. 2802 (2003), Springer-Verlag), 88-103
[35] Gorla, D.; Pugliese, R., Resource access and mobility control with dynamic privileges acquisition, (Proceedings of ICALP’03. Proceedings of ICALP’03, LNCS, vol. 2719 (2003), Springer-Verlag), 119-132 · Zbl 1039.68542
[36] Gorrieri, R.; Lucchi, R.; Zavattaro, G., Supporting secure coordination in spaces, Fundam. Inf., 73, 4, 479-506 (2006) · Zbl 1114.68024
[37] Hagimont, D.; Palma, N. D., Non-functional capability-based access control in the Java environment, (8th Int. Conf. on Object-Oriented Information Systems, LNCS, vol. 2425 (2002), Springer), 323-335 · Zbl 1014.68759
[38] Handorean, R.; Roman, G.-C., Secure sharing of tuple spaces in ad hoc settings, Elect. Notes Theor. Comput. Sci., 85, 3 (2003)
[39] Hansen, R. R.; Probst, C. W.; Nielson, F., Sandboxing in myklaim, (First International Conference on Availability, Reliability and Security (ARES) (2006), IEEE Computer Society), 174-181
[40] Hennessy, M.; Riely, J., Information flow vs. resource access in the asynchronous pi-calculus, ACM Trans. Program. Lang. Syst., 24, 5, 566-591 (2002)
[41] Hennessy, M.; Riely, J., Resource access control in systems of mobile agents, Inform. Comput., 173, 82-120 (2002) · Zbl 1009.68081
[42] Laneve, C.; Zavattaro, G., Foundations of web transactions, (Proceedings of FoSSaCS’05. Proceedings of FoSSaCS’05, LNCS, vol. 3441 (2005), Springer), 282-298 · Zbl 1118.68335
[43] N. Li, B.N. Grosof, J. Feigenbaum, A practically implementable and tractable delegation logic, in: IEEE Symposium on Security and Privacy, 2000, pp. 27-42.
[44] Merro, M.; Hennessy, M., A bisimulation-based semantic theory of safe ambients, ACM Trans. Program. Lang. Syst., 28, 2, 290-330 (2006)
[45] M. Miller, K. Yee, J. Shapiro, Capability myths demolished, Technical Report SRL2003-02, Systems Research Laboratory, 2003.
[46] Necula, G., Proof-carrying code, (Proceedings of POPL’97 (1997), ACM), 106-119
[47] Nielson, F.; Nielson, H. R.; Hansen, R. R., Validating firewalls using flow logics, Theor. Comput. Sci., 283, 2, 381-418 (2002) · Zbl 1016.68003
[48] Nielson, H. R.; Nielson, F., Shape analysis for mobile ambients, Nord. J. Comput., 8, 2, 233-275 (2001) · Zbl 0985.68039
[49] Omicini, A.; Zambonelli, F., Coordination for internet application development, Autonom. Agents Multi-Agent Syst., 2, 3, 251-269 (1999), Special Issue on Coordination Mechanisms and Patterns for Web Agents.
[50] Picco, G.; Murphy, A.; Roman, G.-C., Lime: Linda meets mobility, (Garlan, D., Proceedings of the 21st Int. Conference on Software Engineering (ICSE’99) (1999), ACM Press), 368-377
[51] Riely, J.; Hennessy, M., Trust and partial typing in open systems of mobile agents, J. Autom. Reason., 31, 3-4, 335-370 (2003) · Zbl 1069.68076
[52] Rowstron, A., WCL: a web co-ordination language, World Wide Web J., 1, 3, 167-179 (1998)
[53] Schneider, F. B.; Morrisett, G.; Harper, R., A language-based approach to security, (Informatics: 10 Years Ahead, 10 Years Back. Conference on the Occasion of Dagstuhl’s 10th Anniversary, LNCS, vol. 2000 (2000), Springer), 86-101
[54] J.S. Shapiro, J.M. Smith, D.J. Farber, EROS: a fast capability system, in: Symposium on Operating Systems Principles, 1999, pp. 170-185.
[55] Shroff, P.; Smith, S. F.; Thober, M., Dynamic dependency monitoring to secure information flow, (Proceedings of CSF (2007), IEEE Computer Society), 203-217
[56] Sun Microsystems, JavaSpaces specification, 1999. <http://java.sun.com/>.
[57] Swamy, N.; Hicks, M.; Tse, S.; Zdancewic, S., Managing policy updates in security-typed languages, (Proceedings of CSFW (2006), IEEE Computer Society), 202-216
[58] Tanenbaum, A. S.; Mullender, S. J.; van Renesse, R., Using sparse capabilities in a distributed operating system, (Proceedings of the 6th International Conference on Distributed Computing Systems (ICDCS) (1986), IEEE Computer Society), 558-563
[59] S. Tse, S. Zdancewic, Run-time principals in information-flow type systems, in: IEEE Symposium on Security and Privacy, 2004, pp. 179-193.
[60] Udzir, N. I.; Wood, A. M.; Jacob, J. L., Coordination with multicapabilities, Sci. Comput. Program., 64, 2, 205-222 (2007) · Zbl 1178.68083
[61] M. Wand, I. Siveroni, Constraint systems for useless variable elimination, in: Proceedings of the ACM Symposium on Principles of Programming Languages (POPL), 1999, pp. 291-302.
[62] Wood, A., Coordination with attributes, (COORDINATION’99: Proceedings of the Third International Conference on Coordination Languages and Models (1999), Springer-Verlag), 21-36
[63] Wyckoff, P.; McLaughry, S.; Lehman, T.; Ford, D., TSpaces, IBM Syst. J., 37, 3, 454-474 (1998)