A type system for Discretionary Access Control

Bugliesi, Michele; Colazzo, Dario; Crafa, Silvia; Macedonio, Damiano

doi:10.1017/s0960129509007762

Cited by 7 publications

(4 citation statements)

References 38 publications

Supporting

Mentioning

Contrasting

Order By: Relevance

“…For instance the work on the Dπ calculus has introduced sophisticated type systems for controlling the access to distributed resources [11,12]. Furthermore, discretionary access control has been considered in [4] which similarly to our work employs the π-calculus with groups, while role-based access control (RBAC) has been considered in [3,9,6]. In addition, authorization policies and their analysis via type checking has been considered in a number of papers including [10,1].…”

Section: Related Workmentioning

confidence: 99%

Type Checking Privacy Policies in the π-calculus

Kouzapas

Philippou

2015

Lecture Notes in Computer Science

View full text Add to dashboard Cite

Abstract. In this paper we propose a formal framework for studying privacy. Our framework is based on the π-calculus with groups accompanied by a type system for capturing privacy requirements relating to information collection, information processing and information dissemination. The framework incorporates a privacy policy language. We show that a system respects a privacy policy if the typing of the system is compatible with the policy. We illustrate our methodology via analysis of privacy-aware schemes proposed for electronic traffic pricing.

show abstract

Section: Related Workmentioning

confidence: 99%

Type Checking Privacy Policies in the π-calculus

Kouzapas

Philippou

2015

Lecture Notes in Computer Science

View full text Add to dashboard Cite

show abstract

“…For instance the work on the Dπ calculus has introduced sophisticated type systems for controlling the access to resources advertised at different locations [25,26,24]. Furthermore, discretionary access control has been considered in [8] which similarly to our work employs the π-calculus with groups, while role-based access control (RBAC) has been considered in [7,20,13]. In addition, authorization policies and their analysis via type checking has been considered in a number of papers including [22,2,6].…”

Section: Lemma 62 (Strengthening)mentioning

confidence: 99%

Privacy by typing in the $\pi$-calculus

Kouzapas¹,

Philippou²

2017

View full text Add to dashboard Cite

In this paper we propose a formal framework for studying privacy in information systems. The proposal follows a two-axes schema where the first axis considers privacy as a taxonomy of rights and the second axis involves the ways an information system stores and manipulates information. We develop a correspondence between the schema above and an associated model of computation. In particular, we propose the Privacy calculus, a calculus based on the π-calculus with groups extended with constructs for reasoning about private data. The privacy requirements of an information system are captured via a privacy policy language. The correspondence between the privacy model and the Privacy calculus semantics is established using a type system for the calculus and a satisfiability definition between types and privacy policies. We deploy a type preservation theorem to show that a system respects a policy and it is safe if the typing of the system satisfies the policy. We illustrate our methodology via analysis of two use cases: a privacy-aware scheme for electronic traffic pricing and a privacy-preserving technique for speed-limit enforcement. LOGICAL METHODS lI N COMPUTER SCIENCE

show abstract

“…Types for Access Control: types have been extensively used to prove that programs or distributed processes comply with an underlying access control policy, see, e.g., [26], [27], [28], [29], [30]. In the realm of ARBAC, types have been studied by Braghin et al [31] and Jagadeesan et al [32].…”

Section: B Related Workmentioning

confidence: 99%

Compositional Typed Analysis of ARBAC Policies

Calzavara

Rabitti

Bugliesi

2015

2015 IEEE 28th Computer Security Foundations Symposium

Self Cite

View full text Add to dashboard Cite

Model-checking is a popular approach to the security analysis of ARBAC policies, but its effectiveness is hindered by the exponential explosion of the ways in which different users can be assigned to different role combinations. In this paper we propose a paradigm shift, based on the observation that, while verifying ARBAC by exhaustive state search is complex, realistic policies often have rather simple security proofs, and we propose to use types as an effective tool to leverage this simplicity. Concretely, we present a static type system to verify the security of ARBAC policies, along with a sound and complete type inference algorithm used to automate the verification process. We then introduce compositionality results, which identify sufficient conditions to preserve the security guarantees obtained by the verification of different sub-policies when these sub-policies are combined together: this compositional reasoning is crucial when policy administration is highly distributed and naturally supports the security analysis of evolving ARBAC policies. We evaluate our approach by implementing TAPA, a static analyser for ARBAC policies based on our theory, which we test on a number of relatively large, publicly available policies from the literature

show abstract

A type system for Discretionary Access Control

Cited by 7 publications

References 38 publications

Type Checking Privacy Policies in the π-calculus

Type Checking Privacy Policies in the π-calculus

Privacy by typing in the $\pi$-calculus

Compositional Typed Analysis of ARBAC Policies

Contact Info

Product

Resources

About