Abstract
This paper presents a type system to control the migration of code between network nodes in a concurrent distributed framework, using the Dπ language. We express resource access policies as types and enforce policies via a type system. Types describe paths travelled by migrating code, enabling the control of history-sensitive access to resources. Sites are logically organised in subnetworks that share the same security policies, statically specified by a network administrator. The type system guarantees that well-typed networks are exempt from security policy violations at runtime.
An erratum to this chapter can be found at http://dx.doi.org/10.1007/11580850_20 .
© 2005 Springer-Verlag Berlin Heidelberg
About this paper
Cite this paper
Martins, F., Vasconcelos, V. (2005). History-Based Access Control for Distributed Processes. In: De Nicola, R., Sangiorgi, D. (eds) Trustworthy Global Computing. TGC 2005. Lecture Notes in Computer Science, vol 3705. Springer, Berlin, Heidelberg. https://doi.org/10.1007/11580850_7
DOI: https://doi.org/10.1007/11580850_7
Publisher Name: Springer, Berlin, Heidelberg
Print ISBN: 978-3-540-30007-6
Online ISBN: 978-3-540-31483-7
eBook Packages: Computer Science, Computer Science (R0)