Role-based access control for boxed ambients

Published: 20 May 2008

Abstract

Our society is increasingly moving towards richer forms of information exchange where mobility of processes and devices plays a prominent role. This tendency has prompted the academic community to study the security problems arising from such mobile environments, and in particular, the security policies regulating who can access the information in question. In this paper we describe a calculus for mobile processes and propose a mechanism for specifying access privileges based on a combination of the identity of the users seeking access, their credentials, and the location from which they seek it, within a reconfigurable nested structure. We define BACI_R, a boxed ambient calculus extended with a Distributed Role-Based Access Control mechanism where each ambient controls its own access policy. A process in BACI_R is associated with an owner and a set of activated roles that grant permissions for mobility and communication. The calculus includes primitives to activate and deactivate roles. The behavior of these primitives is determined by the process's owner, its current location and its currently activated roles. We consider two forms of security violations that our type system prevents: (1) attempting to move into an ambient without having the authorizing roles granting entry activated and (2) trying to use a communication port without having the roles required for access activated. We accomplish (1) and (2) by giving a static type system, an untyped transition semantics, and a typed transition semantics. We then show that a well-typed program never violates the dynamic security checks.

Cited By

  • (2013) A formal role-based access control model for security policies in multi-domain mobile networks. Computer Networks: The International Journal of Computer and Telecommunications Networking, 57:1 (330-350). DOI: 10.1016/j.comnet.2012.09.018. Online publication date: 1-Jan-2013
  • (2010) Types for role-based access control of dynamic web data. Proceedings of the 19th international conference on Functional and constraint logic programming (1-29). DOI: 10.5555/2008270.2008272. Online publication date: 17-Jan-2010
  • (2010) Model checking of location and mobility related security policy specifications in ambient calculus. Proceedings of the 5th international conference on Mathematical methods, models and architectures for computer network security (155-168). DOI: 10.5555/1885194.1885209. Online publication date: 8-Sep-2010

Published In

Theoretical Computer Science, Volume 398, Issue 1-3
May 2008
265 pages

Publisher

Elsevier Science Publishers Ltd.

United Kingdom

Author Tags

  1. Access control
  2. Ambients
  3. Mobile computing
  4. Process calculi
  5. RBAC
  6. Security
  7. Type systems
  8. Types

Qualifiers

  • Article
