Type Based Discretionary Access Control
نویسندگان
چکیده
Discretionary Access Control (DAC) systems provide powerful mechanisms for resource management based on the selective distribution of capabilities to selected classes of principals. We study a type-based theory of DAC models for concurrent and distributed systems represented as terms of Cardelli, Ghelli and Gordon’s pi calculus with groups [3]. In our theory, groups play the rôle of principals, and the structure of types allows fine-grained mechanisms to be specified to govern the transmission of names, to bound the (iterated) re-transmission of capabilities, to predicate their use on the inability to pass them to third parties, . . . and more. The type system relies on subtyping to help achieve a selective distribution of capabilities, based on the groups in control of the communication channels. Type preservation provides the basis for a safety theorem stating that in well-typed processes all names flow according to the delivery policies specified by their types, and are received at the intended sites with the intended capabilities.
منابع مشابه
Role-Based Access Control
While Mandatory Access Controls (MAC) are appropriate for multilevel secure military applications, Discretionary Access Controls (DAC) are often perceived as meeting the security processing needs of industry and civilian government. This paper argues that reliance on DAC as the principal method of access control is unfounded and inappropriate for many commercial and civilian government organiza...
متن کاملRole-Based Access Controls
While Mandatory Access Controls (MAC) are appropriate for multilevel secure military applications, Discretionary Access Controls (DAC) are often perceived as meeting the security processing needs of industry and civilian government. This paper argues that reliance on DAC as the principal method of access control is unfounded and inappropriate for many commercial and civilian government organiza...
متن کاملA type system for Discretionary Access Control
Discretionary Access Control (DAC) systems provide powerful resource management mechanisms based on the selective distribution of capabilities to selected classes of principals. We study a type-based theory of DAC models for a process calculus that extends Cardelli, Ghelli and Gordon’s pi-calculus with groups (Cardelli et al., 2005). In our theory, groups play the rôle of principals, the unit o...
متن کاملCon guring Role-Based Access Control to Enforce Mandatory and Discretionary Access Control Policies
Access control models have traditionally included mandatory access control (or lattice-based access control) and discretionary access control. Subsequently, role-based access control has been introduced, along with claims that its mechanisms are general enough to simulate the traditional methods. In this paper we provide systematic constructions for various common forms of both of the tradition...
متن کاملA Survey of Access Control Policies
Modern operating systems each have different implementations of access controls and use different policies for determining the access that subjects may have on objects. This paper reviews the three main types of access control policies: discretionary, mandatory, and role-based. It then describes how Windows and various Unix systems implement their chosen access control policies. Finally, it dis...
متن کامل