Type-Based Discretionary Access Control
Silvia Crafa
Abstract
Discretionary Access Control (DAC) systems provide powerful mechanisms for resource management based on the selective distribution of capabilities to selected classes of principals. We study a type-based theory of DAC models for concurrent and distributed systems represented as terms of the pi calculus with groups. In our theory, groups play the role of principals, and the structure of types allows fine-grained mechanisms to be specified that govern the transmission of names, bound the (iterated) re-transmission of capabilities, predicate their use on the inability to pass them to third parties, and more. We prove a safety theorem showing that in well-typed processes all names flow according to the delivery policies specified by their types, and are received at the intended sites with the intended capabilities.
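As an added illustration, not code from the paper (whose policies are types of the pi calculus with groups, not checked here), the following Python toy model encodes a name's delivery policy as the set of groups allowed to receive it plus a bound on iterated re-transmission, and checks a sequence of outputs against it; the `Policy`, `Send` and `check` names and the hop-count encoding are assumptions of this example.

```python
from dataclasses import dataclass
from typing import Dict, List, Tuple

# Toy model (assumed here, not the paper's calculus): a name's type is a
# delivery policy naming the groups allowed to receive it and a bound on
# how many times it may be re-transmitted (0 = usable on receipt, but
# not forwardable to third parties).
@dataclass(frozen=True)
class Policy:
    receivers: frozenset  # groups that are intended sites for the name
    hops: int             # bound on iterated re-transmission

@dataclass(frozen=True)
class Send:
    sender: str    # group of the outputting principal
    receiver: str  # group of the inputting principal
    name: str      # identifier of the name (capability) being transmitted

Holdings = Dict[str, Dict[str, int]]  # group -> {name: hops left}

def check(policies: Dict[str, Policy], creators: Dict[str, str],
          sends: List[Send]) -> Tuple[List[str], Holdings]:
    """Check a sequence of outputs against the delivery policies.

    `creators` gives the group that created (and initially holds) each
    name.  Returns the policy violations found (empty when the process is
    'well-typed' in this toy sense) and the final holdings per group."""
    holdings: Holdings = {}
    for name, group in creators.items():
        holdings.setdefault(group, {})[name] = policies[name].hops
    errors: List[str] = []
    for s in sends:
        left = holdings.get(s.sender, {}).get(s.name)
        if left is None:
            errors.append(f"{s.sender} does not hold {s.name}")
            continue
        if left == 0:
            errors.append(f"{s.sender} may use {s.name} but not pass it on")
            continue
        if s.receiver not in policies[s.name].receivers:
            errors.append(f"{s.receiver} is not an intended site for {s.name}")
            continue
        # the receiver obtains the capability with one fewer re-transmission
        holdings.setdefault(s.receiver, {})[s.name] = left - 1
    return errors, holdings

if __name__ == "__main__":
    pols = {"c": Policy(frozenset({"B", "C"}), 2)}
    print(check(pols, {"c": "A"},
                [Send("A", "B", "c"), Send("B", "C", "c"), Send("C", "B", "c")])[0])
```

Run as a script, the constructed trace shows the third output rejected: C received `c` with no re-transmission left.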