A Typed Model for Dynamic Authorizations
Authors
Abstract
Security requirements in distributed software systems are inherently dynamic. In the case of authorization policies, resources are meant to be accessed only by authorized parties, but the authorization to access a resource may be dynamically granted/yielded. We describe ongoing work on a model for specifying communication and dynamic authorization handling. We build upon the π-calculus so as to enrich communication-based systems with authorization specification and delegation; here authorizations regard channel usage and delegation refers to the act of yielding an authorization to another party. Our model includes: (i) a novel scoping construct for authorization, which allows authorization boundaries to be specified, and (ii) communication primitives for authorizations, which allow authorizations to act on a given channel to be passed around. An authorization error may consist of, e.g., performing an action along a name which is not under an appropriate authorization scope. We introduce a typing discipline that ensures that processes never reduce to authorization errors, even when authorizations are dynamically delegated.
Similar resources
Managing Break-The-Glass using Situation-Oriented Authorizations
The patient’s life is a redline in Healthcare environments. Whenever it comes to danger, such environments reject static authorizations. A common problem "Break The Glass" is known as the act of breaking the static authorization in order to reach the required permission. Healthcare environment is full of different contexts and situations that require the authorizations to be dynamic. Dynamic A...
Full text
Recycling Authorizations: Toward Secondary and Approximate Authorizations Model (SAAM)
In large and complex enterprises, obtaining authorizations could be communicationally and/or computationally expensive, and, due to infrastructure failures, sometimes even impossible. This paper establishes the concept of recycling previously made authorizations for serving new authorization requests. It introduces secondary and approximate authorizations model (SAAM) with the semantics of mat...
Full text
A Paradigm for Dynamic and Decentralized Administration of Access Control in Workflow Applications
The administration of authorizations in modern Web-based computing environments has become a primary concern. Application security is characterized by a significant complexity, due to the large number of variations and combinations of objects and operations to be protected. Thus, there is a need for data, processes and context parameters, like time and location, to be combined into a security mo...
Full text
A Component-Based Architecture for Secure Data Publication
We present an approach for controlling access to data publishers in the framework of Web-based information services. The paper presents a model for enforcing access control regulations, an XML core schema and namespace for expressing such regulations, and illustrates the architecture of Access Control Unit (ACU), an autonomous software component based on the proposed model. Besides “standard” au...
Full text
A Generic Framework for Context-Based Distributed Authorizations
In conventional security systems, protected resources such as documents, hardware devices and software applications follow an On/Off access policy. On, allows to grant access and off for denying access. This access policy is principally based on the user’s identity and is static over time. As applications become more pervasive, security policies must become more flexible in order to respond to ...
Full text