Type Based Discretionary Access Control
CONCUR 2004 - CONCURRENCY THEORY, PROCEEDINGS (2004)
Abstract
Discretionary Access Control (DAC) systems provide powerful mechanisms for resource management based on the selective distribution of capabilities to selected classes of principals. We study a type-based theory of DAC models for concurrent and distributed systems represented as terms of Cardelli, Ghelli and Gordon's pi calculus with groups [2]. In our theory, groups play the role of principals, and the structure of types allows fine-grained mechanisms to be specified to govern the transmission of names, to bound the (iterated) re-transmission of capabilities, to predicate their use on the inability to pass them to third parties, and more. The type system relies on subtyping to help achieve a selective distribution of capabilities, based on the groups in control of the communication channels. Type preservation provides the basis for a safety theorem stating that in well-typed processes all names flow according to the delivery policies specified by their types, and are received at the intended sites with the intended capabilities.
Keywords
distributed system, type system, discretionary access control, resource manager, communication channels