
Dynamic role authorization in multiparty conversations

Abstract

Protocols in distributed settings usually rely on the interaction of several parties and often identify the roles involved in the communication. Roles have a behavioral interpretation: they do not necessarily correspond to sites or physical devices. Notions of role authorization thus become necessary in settings where, e.g., different sites may be authorized to act on behalf of a single role, or one site may be authorized to act on behalf of different roles. This flexibility must come with ways of controlling which roles the different parties are authorized to represent, including the challenging case in which role authorizations are determined only at runtime. We present a typed framework for the analysis of multiparty interaction with dynamic role authorization and delegation. Building on previous work on conversation types with role assignment, our formal model is an extension of the π-calculus in which the basic resources are channel-role pairs, each denoting the access right to interact along a given channel while representing the given role. To specify dynamic authorization control, our process model includes (1) a novel scoping construct for authorization domains, and (2) communication primitives for authorizations, which allow the authorization to act on a given channel to be passed from one party to another. An authorization error then corresponds to an action involving a channel and a role that is not enclosed by an appropriate authorization scope. We introduce a typing discipline that ensures that well-typed processes never reduce to authorization errors, including when parties dynamically acquire authorizations.
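The following Python runtime monitor is an added illustration of the two mechanisms the abstract names, not the paper's calculus and not code from the original article (which contains none). An authorization scope is modelled as the set of channel-role pairs a process currently holds; authorization passing lets a receiving process acquire such a pair at runtime; and any send or receive whose channel-role pair is not covered raises an authorization error. The buyer/seller/shipper roles, the channel names, and the toy-model choice that a delegated authorization is given up by the sender are assumptions for this example only. The paper's actual contribution, a type system that rules these errors out statically, is not modelled here; the monitor only shows what the errors are and how dynamic acquisition changes the outcome.

```python
"""Toy runtime monitor for channel-role authorizations.

Constructed illustration (not the paper's formal model): a process holds a
set of (channel, role) access rights; interacting on a channel as a role
outside that set is an authorization error; rights can be passed over a
channel so that the receiver acquires them at runtime.
"""
from dataclasses import dataclass, field


class AuthorizationError(Exception):
    """Raised when a process acts on a (channel, role) pair it does not hold."""


@dataclass(frozen=True)
class Auth:
    """Access right to interact on `channel` while representing `role`."""
    channel: str
    role: str


@dataclass
class Process:
    name: str
    auths: set = field(default_factory=set)    # authorizations currently in scope
    trace: list = field(default_factory=list)  # actions that were allowed

    def check(self, channel: str, role: str, action: str) -> None:
        """Every interaction must be enclosed by an authorization for its pair."""
        if Auth(channel, role) not in self.auths:
            raise AuthorizationError(
                f"{self.name}: {action} on {channel!r} as {role!r} "
                "is not enclosed by an authorization scope")
        self.trace.append((action, channel, role))


def communicate(sender: Process, s_role: str, receiver: Process, r_role: str,
                channel: str, payload):
    """Synchronous message on `channel`; both endpoints are checked first."""
    sender.check(channel, s_role, "send")
    receiver.check(channel, r_role, "receive")
    if isinstance(payload, Auth):
        # Authorization passing: the receiver acquires the right at runtime.
        # Toy-model assumption: the sender must hold the right and gives it up.
        if payload not in sender.auths:
            raise AuthorizationError(
                f"{sender.name} cannot delegate {payload} it does not hold")
        sender.auths.discard(payload)
        receiver.auths.add(payload)
    return payload


def run_scenario() -> dict:
    """Constructed buyer/seller/shipper exchange; returns what the monitor decided."""
    seller = Process("seller", {Auth("order", "seller"), Auth("deliver", "seller")})
    buyer = Process("buyer", {Auth("order", "buyer"), Auth("deliver", "buyer")})
    shipper = Process("shipper", {Auth("order", "shipper")})
    results = {}

    # 1. Shipper tries to act as `seller` on `deliver` with no such authorization.
    try:
        communicate(shipper, "seller", buyer, "buyer", "deliver", "parcel")
        results["before_delegation"] = "allowed"
    except AuthorizationError:
        results["before_delegation"] = "rejected"

    # 2. Seller delegates its (deliver, seller) right to the shipper over `order`.
    communicate(seller, "seller", shipper, "shipper", "order", Auth("deliver", "seller"))

    # 3. The same action is now enclosed by an acquired authorization.
    communicate(shipper, "seller", buyer, "buyer", "deliver", "parcel")
    results["after_delegation"] = "allowed"

    # 4. The seller gave the right away, so acting on it is now an error.
    try:
        communicate(seller, "seller", buyer, "buyer", "deliver", "parcel")
        results["seller_after_delegation"] = "allowed"
    except AuthorizationError:
        results["seller_after_delegation"] = "rejected"
    return results


if __name__ == "__main__":
    print(run_scenario())
```

The monitor catches an authorization error only when the offending action is reached; the abstract's typing discipline is about excluding such executions before the process runs, which is what makes the static approach preferable when authorizations are passed around dynamically.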


Author information


Correspondence to Jorge A. Pérez or Hugo Torres Vieira.

Additional information

Thomas Hildebrandt, Joachim Parrow, Matthias Weidlich, and Marco Carbone

Rights and permissions

Open Access This article is distributed under the terms of the Creative Commons Attribution 4.0 International License (http://creativecommons.org/licenses/by/4.0/), which permits unrestricted use, distribution, and reproduction in any medium, provided you give appropriate credit to the original author(s) and the source, provide a link to the Creative Commons license, and indicate if changes were made.


About this article


Cite this article

Ghilezan, S., Jakšić, S., Pantović, J. et al. Dynamic role authorization in multiparty conversations. Form Asp Comp 28, 643–667 (2016). https://doi.org/10.1007/s00165-016-0363-5


Keywords

  • Software verification
  • Type systems
  • Behavioral types
  • Process calculi
  • Authorization control