A Typed Model for Dynamic Authorizations

IF 0.1 4区历史学 0 ARCHAEOLOGY Journal of Historic Buildings and Places Pub Date : 2016-02-11 DOI:10.4204/EPTCS.203.6

S. Ghilezan, S. Jaksic, J. Pantović, Jorge A. Pérez, H. Vieira

{"title":"A Typed Model for Dynamic Authorizations","authors":"S. Ghilezan, S. Jaksic, J. Pantović, Jorge A. Pérez, H. Vieira","doi":"10.4204/EPTCS.203.6","DOIUrl":null,"url":null,"abstract":"Security requirements in distributed software systems are inherently dynamic. In the case of authorization policies, resources are meant to be accessed only by authorized parties, but the authorization to access a resource may be dynamically granted/yielded. We describe ongoing work on a model for specifying communication and dynamic authorization handling. We build upon the pi-calculus so as to enrich communication-based systems with authorization specification and delegation; here authorizations regard channel usage and delegation refers to the act of yielding an authorization to another party. Our model includes: (i) a novel scoping construct for authorization, which allows to specify authorization boundaries, and (ii) communication primitives for authorizations, which allow to pass around authorizations to act on a given channel. An authorization error may consist in, e.g., performing an action along a name which is not under an appropriate authorization scope. We introduce a typing discipline that ensures that processes never reduce to authorization errors, even when authorizations are dynamically delegated.","PeriodicalId":53164,"journal":{"name":"Journal of Historic Buildings and Places","volume":"1 1","pages":"73-84"},"PeriodicalIF":0.1000,"publicationDate":"2016-02-11","publicationTypes":"Journal Article","fieldsOfStudy":null,"isOpenAccess":false,"openAccessPdf":"","citationCount":"3","resultStr":null,"platform":"Semanticscholar","paperid":null,"PeriodicalName":"Journal of Historic Buildings and Places","FirstCategoryId":"1085","ListUrlMain":"https://doi.org/10.4204/EPTCS.203.6","RegionNum":4,"RegionCategory":"历史学","ArticlePicture":[],"TitleCN":null,"AbstractTextCN":null,"PMCID":null,"EPubDate":"","PubModel":"","JCR":"0","JCRName":"ARCHAEOLOGY","Score":null,"Total":0}

引用次数: 3

Abstract

Security requirements in distributed software systems are inherently dynamic. In the case of authorization policies, resources are meant to be accessed only by authorized parties, but the authorization to access a resource may be dynamically granted/yielded. We describe ongoing work on a model for specifying communication and dynamic authorization handling. We build upon the pi-calculus so as to enrich communication-based systems with authorization specification and delegation; here authorizations regard channel usage and delegation refers to the act of yielding an authorization to another party. Our model includes: (i) a novel scoping construct for authorization, which allows to specify authorization boundaries, and (ii) communication primitives for authorizations, which allow to pass around authorizations to act on a given channel. An authorization error may consist in, e.g., performing an action along a name which is not under an appropriate authorization scope. We introduce a typing discipline that ensures that processes never reduce to authorization errors, even when authorizations are dynamically delegated.

查看原文

微信好友朋友圈 QQ好友复制链接

本刊更多论文

动态授权的类型化模型

分布式软件系统中的安全需求本质上是动态的。在授权策略的情况下，资源只能由授权方访问，但是访问资源的授权可以动态授予/授予。我们描述了用于指定通信和动态授权处理的模型上正在进行的工作。我们以pi演算为基础，通过授权规范和委托来丰富基于通信的系统;这里的授权是指通道使用，而委托是指将授权授予另一方的行为。我们的模型包括:(i)授权的新范围结构，它允许指定授权边界，以及(ii)授权的通信原语，它允许传递授权以在给定通道上进行操作。授权错误可能包括，例如，执行一个不在适当授权范围内的名称的操作。我们引入了一种类型规则，以确保流程永远不会减少授权错误，即使在动态委派授权时也是如此。

本文章由计算机程序翻译，如有差异，请以英文原文为准。

求助全文

约1分钟内获得全文去求助