A Type System for Discretionary Access Control

Abstract : Discretionary Access Control (DAC) systems provide powerful resource management mechanisms based on the selective distribution of capabilities to selected classes of principals. We study a type-based theory of DAC models for a process calculus that extends Cardelli, Ghelli and Gordon's pi-calculus with groups (Cardelli et al. 2005). In our theory, groups play the role of principals and form the unit of abstraction for our access control policies, and types allow the specification of fine-grained access control policies to govern the transmission of names, bound the (iterated) re-transmission of capabilities and predicate their use on the inability to pass them to third parties. The type system relies on subtyping to achieve a selective distribution of capabilities to the groups that control the communication channels. We show that the typing and subtyping relationships of the calculus are decidable.
Document type : Journal articles

https://hal.inria.fr/inria-00535981
Contributor : Dario Colazzo
Submitted on : Sunday, November 14, 2010 - 7:33:02 PM
Last modification on : Tuesday, August 6, 2019 - 4:56:11 PM

Identifiers

  • HAL Id : inria-00535981, version 1

Citation

Michele Bugliesi, Dario Colazzo, Silvia Crafa, Damiano Macedonio. A Type System for Discretionary Access Control. Mathematical Structures in Computer Science, Cambridge University Press (CUP), 2009. ⟨inria-00535981⟩
