
A Type System for Discretionary Access Control

Abstract : Discretionary Access Control (DAC) systems provide powerful resource management mechanisms based on the selective distribution of capabilities to selected classes of principals. We study a type-based theory of DAC models for a process calculus that extends Cardelli, Ghelli and Gordon's pi-calculus with groups (Cardelli et al. 2005). In our theory, groups play the role of principals and form the unit of abstraction for our access control policies, and types allow the specification of fine-grained access control policies to govern the transmission of names, bound the (iterated) re-transmission of capabilities and predicate their use on the inability to pass them to third parties. The type system relies on subtyping to achieve a selective distribution of capabilities to the groups that control the communication channels. We show that the typing and subtyping relationships of the calculus are decidable.
Document type : Journal articles
Contributor : Dario Colazzo
Submitted on : Sunday, November 14, 2010 - 7:33:02 PM
Last modification on : Tuesday, January 18, 2022 - 12:18:01 PM


  • HAL Id : inria-00535981, version 1



Michele Bugliesi, Dario Colazzo, Silvia Crafa, Damiano Macedonio. A Type System for Discretionary Access Control. Mathematical Structures in Computer Science, Cambridge University Press (CUP), 2009. ⟨inria-00535981⟩


