Our society is increasingly moving towards richer forms of information exchange where mobility of processes and devices plays a prominent role. This tendency has prompted the academic community to study the security problems arising from such mobile environments, and in particular, the security policies regulating who can access the information in question. In this paper we propose a mechanism for specifying access privileges based on a combination of the identity of the user seeking access, its credentials, and the location from which it seeks access, within a reconfigurable nested structure. We define BACIR, a boxed ambient calculus extended with a Distributed Role-Based Access Control mechanism where each ambient controls its own access policy. A process in BACIR is associated with an owner and a set of activated roles that grant permissions for mobility and communication. The calculus includes primitives to activate and deactivate roles. The behavior of these primitives is determined by the process's owner, its current location and its currently activated roles. We consider two forms of security violations that our type system prevents: 1) attempting to move into an ambient without having the authorizing roles granting entry activated and 2) trying to use a communication port without having the roles required for access activated. We accomplish 1) and 2) by giving a static type system, an untyped transition semantics, and a typed transition semantics. We then show that a well-typed program never violates the dynamic security checks.