Formal Aspects of Computing

, Volume 28, Issue 4, pp 643–667 | Cite as

Dynamic role authorization in multiparty conversations

  • Silvia Ghilezan
  • Svetlana Jakšić
  • Jovanka Pantović
  • Jorge A. PérezEmail author
  • Hugo Torres VieiraEmail author
Open Access
Original Article


Protocols in distributed settings usually rely on the interaction of several parties and often identify the roles involved in communications. Roles may have a behavioral interpretation, as they do not necessarily correspond to sites or physical devices. Notions of role authorization thus become necessary to consider settings in which, e.g., different sites may be authorized to act on behalf of a single role, or in which one site may be authorized to act on behalf of different roles. This flexibility must be equipped with ways of controlling the roles that the different parties are authorized to represent, including the challenging case in which role authorizations are determined only at runtime. We present a typed framework for the analysis of multiparty interaction with dynamic role authorization and delegation. Building on previous work on conversation types with role assignment, our formal model is based on an extension of the \({\pi}\)-calculus in which the basic resources are pairs channel-role, which denote the access right of interacting along a given channel representing the given role. To specify dynamic authorization control, our process model includes (1) a novel scoping construct for authorization domains, and (2) communication primitives for authorizations, which allow to pass around authorizations to act on a given channel. An authorization error then corresponds to an action involving a channel and a role not enclosed by an appropriate authorization scope. We introduce a typing discipline that ensures that processes never reduce to authorization errors, including when parties dynamically acquire authorizations.


Software verification Type systems Behavioral types Process calculi Authorization control 


  1. BCCDC11.
    Bono V, Capecchi S, Castellani I, Dezani-Ciancaglini M (2011) A reputation system for multirole sessions. In: Roberto B, Vladimiro S (eds) Trustworthy Global Computing—6th International Symposium, TGC 2011, Aachen, Germany, June 9-10, 2011. Revised Selected Papers, vol. 7173 of Lecture Notes in Computer Science. Springer, pp 1–24Google Scholar
  2. BCD+15.
    Bartoletti M, Castellani I, Deniélou P, Dezani-Ciancaglini M, Ghilezan S, Pantovic J, Pérez JA, Thiemann P, Toninho B, Vieira HT (2015) Combining behavioural types with security analysis. J Log Algebr Meth Program, 84(6): 763–780MathSciNetCrossRefzbMATHGoogle Scholar
  3. BCG05.
    Bonelli E, Compagnoni AB, Gunter EL (2005) Correspondence assertions for process synchronization in concurrent communications. J Funct Program 15(2): 219–247MathSciNetCrossRefzbMATHGoogle Scholar
  4. BCVV12.
    Baltazar P, Caires L, Vasconcelos VT, Vieira HT (2012) A type system for flexible role assignment in multiparty communicating systems. In: Catuscia P and Mark Dermot R (eds) Trustworthy Global Computing—7th International Symposium, TGC2012, Revised Selected Papers, Vol 8191 of Lecture Notes in Computer Science. Springer, pp 82–96Google Scholar
  5. CCDC11.
    Capecchi S, Castellani I, Dezani-Ciancaglini M (2011) Information flow safety in multiparty sessions. In: Bas L and Frank V (eds) Proceedings 18th International Workshop on Expressiveness in Concurrency, EXPRESS 2011, Aachen, Germany, 5th September 2011, Vol 64 EPTCS, pp 16–30Google Scholar
  6. CCDCR10.
    Capecchi S, Castellani I, Dezani-Ciancaglini M, Rezk T (2010) Session types for access and information flow control. In: Paul G, François L (eds) CONCUR 2010—Concurrency Theory, 21th International Conference, CONCUR 2010, Paris, France, August 31–September 3, 2010. Proceedings, Vol 6269 of Lecture Notes in Computer Science, Springer, pp 237–252Google Scholar
  7. CPN98.
    David G, Clarke, Potter J, Noble J (1998) Ownership types for flexible alias protection. In: Bjørn N. Freeman-Benson and Craig Chambers (eds) Proceedings of the 1998 ACMSIGPLAN Conference on Object-Oriented Programming Systems, Languages and Applications (OOPSLA ’98), Vancouver, British Columbia, Canada, October 18-22, 1998. ACM, pp 48–64Google Scholar
  8. CV10.
    Caires L, Vieira HT (2010) Conversation types. Theor Comp Sci 411(51–52): 4399–4440MathSciNetCrossRefzbMATHGoogle Scholar
  9. DGJP10.
    Dezani-Ciancaglini M, Ghilezan S, Jaksic S, Pantovic J (2010) Types for role-based access control of dynamic web data. In Julio Mariño (ed) Functional and Constraint Logic Programming—19th International Workshop, WFLP 2010, Madrid, Spain, January 17, 2010. Revised Selected Papers, volume 6559 of Lecture Notes in Computer Science. Springer, pp 1–29Google Scholar
  10. DY11.
    Pierre-Malo D, Yoshida N (2011) Dynamic multirole session types. In: Thomas B, Mooly S (eds) Proceedings of the 38th ACM SIGPLAN-SIGACT Symposium on Principles of Programming Languages, POPL 2011, Austin, TX, USA, January 26-28, 2011, ACM, pp 435–446Google Scholar
  11. FGM07.
    Fournet C, Gordon AD, Maffeis S (2007) A type discipline for authorization policies. ACM Trans Program Lang Syst, 29(5)Google Scholar
  12. GJP+14.
    Ghilezan S, Jaksic S, Pantovic J, Pérez JA, Vieira HT (2014) Dynamic role authorization in multiparty conversations. In: Proceedings of BEAT 2014, Vol. 162 of EPTCS, pp 1–8Google Scholar
  13. GJP+15.
    Ghilezan S, Jaksic S, Pantovic J, Pérez JA, Vieira HT (2016) A typed model for dynamic authorizations. In: Gay S,Alglave J (eds) Proceedings Eighth InternationalWorkshop on Programming Language Approaches to Concurrency- and CommunicationcEntric Software, London, 18thApril 2015. Electronic Proceedings in TheoreticalComputer Science, vol 203. Open Publishing Association, pp 73–84. doi: 10.4204/EPTCS.203.6
  14. GP09.
    Gorla D, Pugliese R (2009) Dynamic management of capabilities in a network aware coordination language. J Log Algebr Program 78(8): 665–689MathSciNetCrossRefzbMATHGoogle Scholar
  15. GPV12.
    Giunti M, Palamidessi C, Valencia FD (2012) Hide and new in the pi-calculus. In: Proceedings Combined 19th International Workshop on Expressiveness in Concurrency and 9th Workshop on Structured Operational Semantics, EXPRESS/SOS 2012, volume 89 of EPTCS, pp 65–79Google Scholar
  16. HLV+16.
    Huttel H, Lanese I, Vasconcelos VT, Caires L, Carbone M, Pierre-Malo D, Mostrous D, Padovani L, Ravara A, Tuosto E, Vieira HT, Zavattaro G (2016) Foundations of behavioural types. ACM Comput. Surv. To appear. Preliminary version available at
  17. HRU76.
    Michael A, Harrison, Walter L, Ruzzo, Jeffrey D (1976) Ullman. Protection in operating systems. Commun ACM 19(8): 461–471CrossRefzbMATHGoogle Scholar
  18. Lam74.
    Lampson BW (1974) Protection. Operating Syst Rev 8(1): 18–24CrossRefzbMATHGoogle Scholar
  19. LPT07.
    Lapadula A, Pugliese R, Tiezzi F (2007) Regulating data exchange in service oriented applications. In Farhad Arbab and Marjan Sirjani, editors, International Symposium on Fundamentals of Software Engineering, International Symposium, FSEN 2007, Tehran, Iran, April 17-19, 2007, Proceedings, volume 4767 of Lecture Notes in Computer Science. Springer, pp 223–239Google Scholar
  20. San92.
    Sandhu RS (1992) The typed access matrix model. In 1992 IEEE Computer Society Symposium on Research in Security and Privacy, Oakland, CA, USA, May 4–6, 1992. IEEE Computer Society, pp 122–136Google Scholar
  21. SCC10.
    Swamy N, Chen J, Chugh R (2010) Enforcing stateful authorization and information flow policies in fine. In: Programming Languages and Systems, 19th European Symposium on Programming, ESOP 2010, Proceedings, Vol 6012 of Lecture Notes in Computer Science, Springer, pp 529–549Google Scholar
  22. SdV00.
    Samarati P, De Capitani di Vimercati S (2000) Access control: Policies, models, and mechanisms. In: Riccardo Focardi, Roberto Gorrieri (eds) Foundations of Security Analysis and Design, Tutorial Lectures [revised versions of lectures given during the IFIP WG 1.7 International School on Foundations of Security Analysis and Design, FOSAD 2000, Bertinoro, Italy, September 2000], Vol. 2171 of Lecture Notes in Computer Science. Springer, pp 137–196Google Scholar
  23. SW01.
    Sangiorgi D, Walker D (2001) The Pi-Calculus—a theory of mobile processes. Cambridge University PressGoogle Scholar
  24. VY02.
    Vivas J, Yoshida N (2002) Dynamic channel screening in the higher order pi-calculus. Electr Notes Theor Comput Sci 66(3): 170–184CrossRefGoogle Scholar

Copyright information

© The Author(s) 2016

Open AccessThis article is distributed under the terms of the Creative Commons Attribution 4.0 International License (, which permits unrestricted use, distribution, and reproduction in any medium, provided you give appropriate credit to the original author(s) and the source, provide a link to the Creative Commons license, and indicate if changes were made.

Authors and Affiliations

  1. 1.University of Novi SadNovi SadSerbia
  2. 2.University of GroningenGroningenThe Netherlands
  3. 3.IMT School for Advanced Studies LuccaLuccaItaly

Personalised recommendations