Name
Abstract | ||
|---|---|---|
Security requirements in distributed software systems are inherently dynamic. In the case of authorization policies, resources are meant to be accessed only by authorized parties, but the authorization to access a resource may be dynamically granted/yielded. We describe ongoing work on a model for specifying communication and dynamic authorization handling. We build upon the pi-calculus so as to enrich communication-based systems with authorization specification and delegation; here authorizations regard channel usage and delegation refers to the act of yielding an authorization to another party. Our model includes: (i) a novel scoping construct for authorization, which allows to specify authorization boundaries, and (ii) communication primitives for authorizations, which allow to pass around authorizations to act on a given channel. An authorization error may consist in, e.g., performing an action along a name which is not under an appropriate authorization scope. We introduce a typing discipline that ensures that processes never reduce to authorization errors, even when authorizations are dynamically delegated. |
Year | DOI | Venue |
|---|---|---|
2015 | 10.4204/EPTCS.203.6 | ELECTRONIC PROCEEDINGS IN THEORETICAL COMPUTER SCIENCE |
DocType | Issue | ISSN |
Journal | 203 | 2075-2180 |
Citations | PageRank | References |
0 | 0.34 | 6 |
Authors | ||
5 | ||
Name | Order | Citations | PageRank |
|---|---|---|---|
| Silvia Ghilezan | 1 | 1 | 1.40 |
| Svetlana Jakšić | 2 | 15 | 2.76 |
| Jovanka Pantovic | 3 | 37 | 14.71 |
| Jorge A. Pérez | 4 | 222 | 21.19 |
| Hugo Torres Vieira | 5 | 134 | 11.17 |