A Typed Model for Dynamic Authorizations

Silvia Ghilezan
(University of Novi Sad, Serbia)
Svetlana Jakšić
(University of Novi Sad, Serbia)
Jovanka Pantović
(University of Novi Sad, Serbia)
Jorge A. Pérez
(University of Groningen, The Netherlands)
Hugo Torres Vieira
(IMT Institute for Advanced Studies Lucca, Italy)

Security requirements in distributed software systems are inherently dynamic. In the case of authorization policies, resources are meant to be accessed only by authorized parties, but the authorization to access a resource may be dynamically granted/yielded. We describe ongoing work on a model for specifying communication and dynamic authorization handling. We build upon the pi-calculus so as to enrich communication-based systems with authorization specification and delegation; here authorizations regard channel usage and delegation refers to the act of yielding an authorization to another party. Our model includes: (i) a novel scoping construct for authorization, which allows authorization boundaries to be specified, and (ii) communication primitives for authorizations, which allow authorizations to act on a given channel to be passed around. An authorization error may consist in, e.g., performing an action along a name which is not under an appropriate authorization scope. We introduce a typing discipline that ensures that processes never reduce to authorization errors, even when authorizations are dynamically delegated.

In Simon Gay and Jade Alglave: Proceedings Eighth International Workshop on Programming Language Approaches to Concurrency- and Communication-cEntric Software (PLACES 2015), London, UK, 18th April 2015, Electronic Proceedings in Theoretical Computer Science 203, pp. 73–84.
Published: 10th February 2016.

ArXived at: https://dx.doi.org/10.4204/EPTCS.203.6