
zbMATH — the first resource for mathematics

Dynamic management of capabilities in a network aware coordination language. (English) Zbl 1183.68041
Summary: We introduce a capability-based access control model integrated into a linguistic formalism for modeling network aware systems and applications. Our access control model enables specification and dynamic modification of policies for controlling process activities (mobility of code and access to resources). We exploit a combination of static and dynamic checking and of in-lined reference monitoring to guarantee absence of run-time errors due to lack of capabilities. We illustrate the usefulness of our framework by using it for implementing a simplified but realistic scenario. Finally, we show how the model can be easily tailored for dealing with different forms of capability acquisition and loss, thus enabling different possible variations of access control policies.

MSC:
68M10 Network design and communication in computer systems
68N15 Theory of programming languages
Software:
EROS; KLAIM; Klava; LIME; Linda; Saner