Silvia Ghilezan,Svetlana Jakšić,Jovanka Pantović,Jorge A. Pérez,Hugo Torres Vieira

DOI: https://doi.org/10.4204/EPTCS.162.1

2014-08-26

Abstract:Protocol specifications often identify the roles involved in communications. In multiparty protocols that involve task delegation it is often useful to consider settings in which different sites may act on behalf of a single role. It is then crucial to control the roles that the different parties are authorized to represent, including the case in which role authorizations are determined only at runtime. Building on previous work on conversation types with flexible role assignment, here we report initial results on a typed framework for the analysis of multiparty communications with dynamic role authorization and delegation. In the underlying process model, communication prefixes are annotated with role authorizations and authorizations can be passed around. We extend the conversation type system so as to statically distinguish processes that never incur in authorization errors. The proposed static discipline guarantees that processes are always authorized to communicate on behalf of an intended role, also covering the case in which authorizations are dynamically passed around in messages.

Logic in Computer Science,Programming Languages

Owen Arden,Anitha Gollamudi,Ethan Cecchetti,Stephen Chong,Andrew C. Myers

DOI: https://doi.org/10.48550/arXiv.2104.10379

2021-04-21

Abstract:Real-world applications routinely make authorization decisions based on dynamic computation. Reasoning about dynamically computed authority is challenging. Integrity of the system might be compromised if attackers can improperly influence the authorizing computation. Confidentiality can also be compromised by authorization, since authorization decisions are often based on sensitive data such as membership lists and passwords. Previous formal models for authorization do not fully address the security implications of permitting trust relationships to change, which limits their ability to reason about authority that derives from dynamic computation. Our goal is an approach to constructing dynamic authorization mechanisms that do not violate confidentiality or integrity. The Flow-Limited Authorization Calculus (FLAC) is a simple, expressive model for reasoning about dynamic authorization as well as an information flow control language for securely implementing various authorization mechanisms. FLAC combines the insights of two previous models: it extends the Dependency Core Calculus with features made possible by the Flow-Limited Authorization Model. FLAC provides strong end-to-end information security guarantees even for programs that incorporate and implement rich dynamic authorization mechanisms. These guarantees include noninterference and robust declassification, which prevent attackers from influencing information disclosures in unauthorized ways. We prove these security properties formally for all FLAC programs and explore the expressiveness of FLAC with several examples.

Cryptography and Security,Programming Languages

Changqin Huang,Guanghua Song,Yao Zheng,Deren Chen

DOI: https://doi.org/10.1007/978-3-540-30102-8_39

2004-01-01

Abstract:Large-scale scientific and engineering computation is normally accomplished through the interaction of collaborating groups and diverse heterogeneous resources. Grid computing is emerging as an applicable paradigm, whilst, there is a critical challenge of authorization in the grid infrastructure. This paper proposes a Parallelized Subtask-level Authorization Service architecture (PSAS) based on the least privilege principle, and presents a context-aware authorization approach and a flexible task management mechanism. The minimization of the privileges is conducted by decomposing the parallelizable task and re-allotting the privileges required for each subtask. The dynamic authorization is carried out by constructing a multi-value community policy and adaptively transiting the mapping. Besides applying a relevant management policy, a delegation mechanism collaboratively performs the authorization delegation for task management. In the enforcement mechanisms involved, the authors have extended the RSL specification and the proxy certificate, and have modified the Globus gatekeeper, jobmanager and the GASS library to allow authorization callouts. Therefore the authorization requirement of an application is effectively met in the presented architecture.

Ran Yang,Chuang Lin,Yixin Jiang,Xiaowen Chu

DOI: https://doi.org/10.1109/GLOCOM.2011.6134072

2011-01-01

Abstract:In the service-oriented computing, a single transaction initiated by a client might invoke many different services in other administrative domains. Existing models for authorizing the access assume that all services involved in collaboration are managed by the central authority, which is not always a realistic premise. In this paper, we propose a novel authorization model for dynamic service collaboration. With the authorization discovery process, the client can discover the needed authorization for service access available in other autonomous domains. With extensions to SoD relationship, the conflicts of client interests can be formalized and expressed as constraints. The authorization problems are formalized to choose the optimal access path for each task. At last, the example and experiments show the practicality and the effectiveness of our scheme.

Daniela Inclezan

2023-05-23

Abstract:This paper introduces a framework for assisting policy authors in refining and improving their policies. In particular, we focus on authorization and obligation policies that can be encoded in Gelfond and Lobo's AOPL language for policy specification. We propose a framework that detects the statements that make a policy inconsistent, underspecified, or ambiguous with respect to an action being executed in a given state. We also give attention to issues that arise at the intersection of authorization and obligation policies, for instance when the policy requires an unauthorized action to be executed. The framework is encoded in Answer Set Programming. Under consideration for acceptance in TPLP.

Logic in Computer Science,Artificial Intelligence

Sun Yong,Kong Feng,Wang Xiong,Wang Weijian

DOI: https://doi.org/10.3321/j.issn:1002-8331.2005.36.051

2005-01-01

Abstract:A dynamic workflow authorization model is proposed,which describes the triggers and constraints of tasks by expression.Unlike other role-based models,the role set in this model is only one property of a user.It's simple to extend the model by design more properties of users and functions.The model describes permissions of users and roles,constraints of task state transitions,count of task instances,dependencies of tasks,separation of duties,time and organization via expression.The flexible of expression brings the model capability and adaptability.This model supports complex workflows include multi startup task,multi end task,and-split,or-split,multiple-split,and-join,or-join,multiple-join and loop.

Chen-hua Ma,Guo-dong Lu,Jiong Qiu

DOI: https://doi.org/10.1631/jzus.c0910564

2010-01-01

Journal of Zhejiang University SCIENCE C

Abstract:Collaborative access control is receiving growing attention in both military and commercial areas due to an urgent need to protect confidential resources and sensitive tasks. Collaborative access control means that multiple subjects should participate to make access control decisions to prevent fraud or the abuse of rights. Existing approaches to access control cannot satisfy the requirements of collaborative access control. To address this concern, we propose an authorization model for collaborative access control. The central notions of the model are collaborative permission, collaboration constraint, and collaborative authorization policy, which make it possible to define the collaboration among multiple subjects involved in gaining a permission. The implementation architecture of the model is also provided. Furthermore, we present effective conflict detection and resolution methods for maintaining the consistency of collaborative authorization policies.

Laura Pearlman,Von Welch,Ian Foster,Carl Kesselman,Steven Tuecke

DOI: https://doi.org/10.48550/arXiv.cs/0306053

2003-06-12

Distributed, Parallel, and Cluster Computing

Abstract:In "Grids" and "collaboratories," we find distributed communities of resource providers and resource consumers, within which often complex and dynamic policies govern who can use which resources for which purpose. We propose a new approach to the representation, maintenance, and enforcement of such policies that provides a scalable mechanism for specifying and enforcing these policies. Our approach allows resource providers to delegate some of the authority for maintaining fine-grained access control policies to communities, while still maintaining ultimate control over their resources. We also describe a prototype implementation of this approach and an application in a data management context.

Peng Liu,Jian-bin Hu,Zhong Chen

DOI: https://doi.org/10.1109/WI.2005.2

2005-01-01

Abstract:Although several access control policies have been proposed for securing access to resources, they focused on security of distributed environments that were rather static. Nowadays distributed environment becomes open and dynamic. In this paper, we propose a formal language for access control policies in open and dynamic environment. The language is based on description logic program and generalized courteous logic program supporting classical negation, prioritized conflict handling and mutual exclusion constraints. The language allows the specification of positive and negative authorization, privilege delegation and revocation, prioritized conflict resolution and mutual authorization exclusions.

裘炅,谭建荣,张树有,马晨华

DOI: https://doi.org/10.3321/j.issn:1003-9775.2004.07.020

2004-01-01

Abstract:The model formally describes the key elements of access control such as role, user, privilege, task unit, authorization strategy, authorization constraint and the relationship between these elements. We identify the following four types of authorization constraints: require role constraints, require user constraints, deny role constraints and deny user constraints, then provide constraint consistency checking rules upon them. In this model, authorization flow is synchronized with workflow and the workflow can be efficiently executed through the constraint consistency checking rules. The main advantage of the model is its comprehensiveness, flexibility and practicability.

Yl Jiang,Bs Liao,Y Liu,J Hu

DOI: https://doi.org/10.1007/978-3-540-30483-8_2

2004-01-01

Abstract:Traditional methods for authorization within Grid computing have many shortcomings. Firstly, the enrolments of users and services into the server are done manually, which is not adaptable to the dynamic environment where the service providers and service consumers join or leave dynamically. Secondly, the authorization policy language is not expressive enough to represent more complex policies, and can't resolve the problem of semantic inconsistency between different parties who treat the same policy. This paper takes advantage of characteristics of intelligent agent such as autonomy, proactivity, and sociality, to treat with the authorization issues, including automated registrations and management of agents (service providers and service consumers), autonomous authentication and authorization based on policies, etc. On the other hand, an ontology-based content-explicit policy modeling framework is presented, which resolves the semantic inconsistency problem among different parties.

Jianwen Sun,Xiang Long,Yongwang Zhao

DOI: https://doi.org/10.1109/access.2018.2815766

IF: 3.9

2018-01-01

IEEE Access

Abstract:Formal verification of information flow security with dynamic policies of security-critical systems is a grand challenge. This paper presents the first effort to formally specify and verify a capability-based system model with dynamic information flow policies. We build a generic security model with dynamic security policies. In the security model, we define a set of information flow security properties and provide an inference framework for them. Based on the security model, we propose a system model for capability-based secure systems. The system model specifies critical events including system initialization, inter-domain communication, and capability management. We prove information flow security of the capability-based model by an unwinding theorem. Formal specification and security proof are carried out in the Isabelle/HOL theorem prover and could be applied to formally develop and verify the security of capability-based secure systems, such as separation kernels and secure hypervisors. To our knowledge, this is the first machine-checked proof of capability-based information security with dynamic policies.

Fausto Rabitti,Elisa Bertino,Won Kim,Darrell Woelk

DOI: https://doi.org/10.1145/103140.103144

IF: 1.6289

1991-03-01

ACM Transactions on Database Systems

Abstract:The conventional models of authorization have been designed for database systems supporting the hierarchical, network, and relational models of data. However, these models are not adequate for next-generation database systems that support richer data models that include object-oriented concepts and semantic data modeling concepts. Rabitti, Woelk, and Kim [14] presented a preliminary model of authorization for use as the basis of an authorization mechanism in such database systems. In this paper we present a fuller model of authorization that fills a few major gaps that the conventional models of authorization cannot fill for next-generation database systems. We also further formalize the notion of implicit authorization and refine the application of the notion of implicit authorization to object-oriented and semantic modeling concepts. We also describe a user interface for using the model of authorization and consider key issues in implementing the authorization model.

computer science, information systems, software engineering

Johan van Benthem

2012-01-01

Abstract:A healthy field combines two driving forces, extension of coverage and theoretical reflection – and modal logic is no exception. In this talk, we look at some broader theoretical issues raised by recent developments in dynamic logics of information flow, whose main technical feature is the modal study of definable model change. Our pilot system will be public announcement logic PAL, the base calculus of update with hard information. We identify several general themes behind the particulars of its design. These include model-theoretic issues like the balance of expressive power for the static and dynamic components of the language, and learnability results in the form of preservation theorems. But we also discuss PAL’s calculus of reasoning, via correspondence analysis of its axioms as constraints on update functions in domains of inquiry, showing how this leads to two recent extensions: protocol versions where no reduction to the static base language occurs, and substitution-closed core versions of the system. Both moves exemplify more general operations on modal logics. Next, we consider other dynamic-epistemic logics, and amplify on the above themes, while adding some new ones. First, we discuss event models and product update in DEL, a calculus of model construction that shows analogies with process algebra, but also with the epistemic μ–calculus. Then we turn to dynamic logics for belief change under incoming hard and soft information that upgrade plausibility relations without eliminating worlds. We discuss what logical format best captures the generality needed to avoid a jungle of revision policies. In this setting also, we look at the general phenomenon of defining new static modalities by dynamic considerations. While all this broadens our view of single-step model transformations, another conspicuous dimension in current research is the global temporal horizon of a process of inquiry, a conversation, or a game, adding procedural information to local updates. We discuss representation results linking local dynamic and global temporal logics, while also pointing at specific model-theoretic issues arising with concrete processes involving iterated hard or soft announcements, and their limit behavior. Here we link up with modal fixed-point logics, though the general situation is far from clear. As a very concrete instance of merging local and global perspectives, we discuss some recent links between dynamic epistemic logics and formal learning theory, where modal models acquire a new meaning as priors pre-encoding learning methods.

Alessandro Aldini

DOI: https://doi.org/10.48550/arXiv.1607.02232

2016-07-08

Logic in Computer Science

Abstract:Trust and reputation models for distributed, collaborative systems have been studied and applied in several domains, in order to stimulate cooperation while preventing selfish and malicious behaviors. Nonetheless, such models have received less attention in the process of specifying and analyzing formally the functionalities of the systems mentioned above. The objective of this paper is to define a process algebraic framework for the modeling of systems that use (i) trust and reputation to govern the interactions among nodes, and (ii) communication models characterized by a high level of adaptiveness and flexibility. Hence, we propose a formalism for verifying, through model checking techniques, the robustness of these systems with respect to the typical attacks conducted against webs of trust.

L. Pearlman,V. Welch,I. Foster,C. Kesselman,S. Tuecke

DOI: https://doi.org/10.48550/arXiv.cs/0306082

2003-06-14

Software Engineering

Abstract:Virtual organizations (VOs) are communities of resource providers and users distributed over multiple policy domains. These VOs often wish to define and enforce consistent policies in addition to the policies of their underlying domains. This is challenging, not only because of the problems in distributing the policy to the domains, but also because of the fact that those domains may each have different capabilities for enforcing the policy. The Community Authorization Service (CAS) solves this problem by allowing resource providers to delegate some policy authority to the VO while maintaining ultimate control over their resources. In this paper we describe CAS and our past and current implementations of CAS, and we discuss our plans for CAS-related research.

Jason Crampton,Charles Morisset

DOI: https://doi.org/10.48550/arXiv.1204.2342

2014-07-31

Abstract:There have been many proposals for access control models and authorization policy languages, which are used to inform the design of access control systems. Most, if not all, of these proposals impose restrictions on the implementation of access control systems, thereby limiting the type of authorization requests that can be processed or the structure of the authorization policies that can be specified. In this paper, we develop a formal characterization of the features of an access control model that imposes few restrictions of this nature. Our characterization is intended to be a generic framework for access control, from which we may derive access control models and reason about the properties of those models. In this paper, we consider the properties of monotonicity and completeness, the first being particularly important for attribute-based access control systems. XACML, an XML-based language and architecture for attribute-based access control, is neither monotonic nor complete. Using our framework, we define attribute-based access control models, in the style of XACML, that are, respectively, monotonic and complete.

Cryptography and Security,Logic in Computer Science

Bas van den Heuvel,Daniele Nantes-Sobrinho,Joseph W.N. Paulus,Jorge A. Pérez

2024-11-12

Abstract:We consider the problem of designing typed concurrent calculi with non-deterministic choice in which types leverage linearity for controlling resources, thereby ensuring strong correctness properties for processes. This problem is constrained by the delicate tension between non-determinism and linearity. Prior work developed a session-typed {\pi}-calculus with standard non-deterministic choice; well-typed processes enjoy type preservation and deadlock-freedom. Central to this typed calculus is a lazy semantics that gradually discards branches in choices. This lazy semantics, however, is complex: various technical elements are needed to describe the non-deterministic behavior of typed processes. This paper develops an entirely new approach, based on an eager semantics, which more directly represents choices and commitment. We present a {\pi}-calculus in which non-deterministic choices are governed by this eager semantics and session types. We establish its key correctness properties, including deadlock-freedom, and demonstrate its expressivity by correctly translating a typed resource {\lambda}-calculus.

Logic in Computer Science,Programming Languages

Chuta Sano,Ryan Kavanagh,Brigitte Pientka

2023-09-22

Abstract:Session types employ a linear type system that ensures that communication channels cannot be implicitly copied or discarded. As a result, many mechanizations of these systems require modeling channel contexts and carefully ensuring that they treat channels linearly. We demonstrate a technique that localizes linearity conditions as additional predicates embedded within type judgments, which allows us to use structural typing contexts instead of linear ones. This technique is especially relevant when leveraging (weak) higher-order abstract syntax to handle channel mobility and the intricate binding structures that arise in session-typed systems. Following this approach, we mechanize a session-typed system based on classical linear logic and its type preservation proof in the proof assistant Beluga, which uses the logical framework LF as its encoding language. We also prove adequacy for our encoding. This shows the tractability and effectiveness of our approach in modelling substructural systems such as session-typed languages.

Programming Languages

Franco Barbanera,Mariangiola Dezani-Ciancaglini,Ugo de'Liguoro

DOI: https://doi.org/10.4204/EPTCS.408.1

2024-10-01

Abstract:Formal verification methods for concurrent systems cannot always be scaled-down or tailored in order to be applied on specific subsystems. We address such an issue in a MultiParty Session Types setting by devising a partial type assignment system for multiparty sessions (i.e. sets of concurrent participants) with asynchronous communications. Sessions are possibly typed by "asynchronous global types" describing the overall behaviour of specific subsets of participants only (from which the word "partial"). Typability is proven to ensure that sessions enjoy the partial versions of the well-known properties of lock- and orphan-message-freedom.

Logic in Computer Science