A Type System for Discretionary Access Control

Abstract: Discretionary Access Control (DAC) systems provide powerful resource management mechanisms based on the selective distribution of capabilities to selected classes of principals. We study a type-based theory of DAC models for a process calculus that extends Cardelli, Ghelli and Gordon's pi-calculus with groups (Cardelli et al. 2005). In our theory, groups play the role of principals and form the unit of abstraction for our access control policies, and types allow the specification of fine-grained access control policies to govern the transmission of names, bound the (iterated) re-transmission of capabilities and predicate their use on the inability to pass them to third parties. The type system relies on subtyping to achieve a selective distribution of capabilities to the groups that control the communication channels. We show that the typing and subtyping relationships of the calculus are decidable.
Document type:
Journal article
Mathematical Structures in Computer Science, Cambridge University Press (CUP), 2009

https://hal.inria.fr/inria-00535981
Contributor: Dario Colazzo
Submitted on: Sunday, 14 November 2010 - 19:33:02
Last modified on: Thursday, 14 June 2018 - 10:54:02

Identifiers

  • HAL Id: inria-00535981, version 1

Citation

Michele Bugliesi, Dario Colazzo, Silvia Crafa, Damiano Macedonio. A Type System for Discretionary Access Control. Mathematical Structures in Computer Science, Cambridge University Press (CUP), 2009. 〈inria-00535981〉
