research-article
Open access

Dynamic role authorization in multiparty conversations

Published: 01 July 2016

Abstract

Protocols in distributed settings usually rely on the interaction of several parties and often identify the roles involved in communications. Roles may have a behavioral interpretation, as they do not necessarily correspond to sites or physical devices. Notions of role authorization thus become necessary to consider settings in which, e.g., different sites may be authorized to act on behalf of a single role, or in which one site may be authorized to act on behalf of different roles. This flexibility must be equipped with ways of controlling the roles that the different parties are authorized to represent, including the challenging case in which role authorizations are determined only at runtime. We present a typed framework for the analysis of multiparty interaction with dynamic role authorization and delegation. Building on previous work on conversation types with role assignment, our formal model is based on an extension of the π-calculus in which the basic resources are channel-role pairs, which denote the access right of interacting along a given channel representing the given role. To specify dynamic authorization control, our process model includes (1) a novel scoping construct for authorization domains, and (2) communication primitives for authorizations, which allow authorizations to act on a given channel to be passed around. An authorization error then corresponds to an action involving a channel and a role not enclosed by an appropriate authorization scope. We introduce a typing discipline that ensures that processes never reduce to authorization errors, including when parties dynamically acquire authorizations.

    Published In

    Formal Aspects of Computing  Volume 28, Issue 4
    Jul 2016
    190 pages
    ISSN:0934-5043
    EISSN:1433-299X

    Publisher

    Springer-Verlag

    Berlin, Heidelberg

    Publication History

    Published: 01 July 2016
    Accepted: 22 January 2016
    Revision received: 14 November 2015
    Received: 09 March 2015
    Published in FAC Volume 28, Issue 4

    Author Tags

    1. Software verification
    2. Type systems
    3. Behavioral types
    4. Process calculi
    5. Authorization control

    Qualifiers

    • Research-article
