{"status":"ok","message-type":"work","message-version":"1.0.0","message":{"indexed":{"date-parts":[[2023,6,17]],"date-time":"2023-06-17T11:30:44Z","timestamp":1687001444329},"reference-count":30,"publisher":"Cambridge University Press (CUP)","issue":"4","license":[{"start":{"date-parts":[[2009,8,1]],"date-time":"2009-08-01T00:00:00Z","timestamp":1249084800000},"content-version":"unspecified","delay-in-days":0,"URL":"https:\/\/www.cambridge.org\/core\/terms"}],"content-domain":{"domain":[],"crossmark-restriction":false},"short-container-title":["Math. Struct. Comp. Sci."],"published-print":{"date-parts":[[2009,8]]},"abstract":"<jats:p>Discretionary Access Control (DAC) systems provide powerful resource management mechanisms based on the selective distribution of capabilities to selected classes of principals. We study a type-based theory of DAC models for a process calculus that extends Cardelli, Ghelli and Gordon's pi-calculus with groups (Cardelli <jats:italic>et al<\/jats:italic>. 2005). In our theory, groups play the role of principals and form the unit of abstraction for our access control policies, and types allow the specification of fine-grained access control policies to govern the transmission of names, bound the (iterated) re-transmission of capabilities and predicate their use on the inability to pass them to third parties. The type system relies on subtyping to achieve a selective distribution of capabilities to the groups that control the communication channels. We show that the typing and subtyping relationships of the calculus are decidable. 
We also prove a type safety result, showing that in well-typed processes all names:<jats:list list-type=\"number\"><jats:list-item><jats:label>(i)<\/jats:label><jats:p>flow according to the access control policies specified by their types; and<\/jats:p><\/jats:list-item><jats:list-item><jats:label>(ii)<\/jats:label><jats:p>are received at the intended sites with the intended capabilities.<\/jats:p><\/jats:list-item><\/jats:list>We illustrate the expressive power and the flexibility of the typing system using several examples.<\/jats:p>","DOI":"10.1017\/s0960129509007762","type":"journal-article","created":{"date-parts":[[2009,7,2]],"date-time":"2009-07-02T14:53:56Z","timestamp":1246546436000},"page":"839-875","source":"Crossref","is-referenced-by-count":6,"title":["A type system for Discretionary Access Control"],"prefix":"10.1017","volume":"19","author":[{"given":"MICHELE","family":"BUGLIESI","sequence":"first","affiliation":[],"role":[{"role":"author","vocabulary":"crossref"}]},{"given":"DARIO","family":"COLAZZO","sequence":"additional","affiliation":[],"role":[{"role":"author","vocabulary":"crossref"}]},{"given":"SILVIA","family":"CRAFA","sequence":"additional","affiliation":[],"role":[{"role":"author","vocabulary":"crossref"}]},{"given":"DAMIANO","family":"MACEDONIO","sequence":"additional","affiliation":[],"role":[{"role":"author","vocabulary":"crossref"}]}],"member":"56","published-online":{"date-parts":[[2009,8,1]]},"reference":[{"key":"S0960129509007762_ref29","doi-asserted-by":"publisher","DOI":"10.1145\/353323.353382"},{"key":"S0960129509007762_ref28","doi-asserted-by":"crossref","unstructured":"Sandhu R. S. and Munawer Q. (1998) How to do discretionary access control using roles. 
In: ACM Workshop on Role-Based Access Control 47\u201354.","DOI":"10.1145\/286884.286893"},{"key":"S0960129509007762_ref26","doi-asserted-by":"publisher","DOI":"10.1145\/268946.268978"},{"key":"S0960129509007762_ref25","first-page":"320","volume-title":"CSFW'02","author":"Pottier","year":"2002"},{"key":"S0960129509007762_ref27","doi-asserted-by":"publisher","DOI":"10.1007\/3-540-45608-2_3"},{"key":"S0960129509007762_ref24","doi-asserted-by":"crossref","first-page":"409","DOI":"10.1017\/S096012950007002X","article-title":"Typing and subtyping for mobile processes","volume":"6","author":"Pierce","year":"1996","journal-title":"Mathematical Structures in Computer Science"},{"key":"S0960129509007762_ref23","doi-asserted-by":"publisher","DOI":"10.1145\/363516.363526"},{"key":"S0960129509007762_ref17","doi-asserted-by":"publisher","DOI":"10.1007\/BFb0053567"},{"key":"S0960129509007762_ref11","doi-asserted-by":"publisher","DOI":"10.1017\/S0956796802004318"},{"key":"S0960129509007762_ref5","doi-asserted-by":"publisher","DOI":"10.1007\/978-3-540-71316-6_2"},{"key":"S0960129509007762_ref19","doi-asserted-by":"publisher","DOI":"10.1145\/1328438.1328472"},{"key":"S0960129509007762_ref14","doi-asserted-by":"publisher","DOI":"10.1007\/s00236-005-0178-y"},{"key":"S0960129509007762_ref3","doi-asserted-by":"publisher","DOI":"10.1007\/978-3-540-28644-8_15"},{"key":"S0960129509007762_ref20","doi-asserted-by":"publisher","DOI":"10.1007\/s00236-005-0179-x"},{"key":"S0960129509007762_ref22","doi-asserted-by":"crossref","unstructured":"McCollum C. , Messing J. R. and Notargiacomo L. (1990) Beyond the pale of MAC and DAC \u2013 defining new forms of access control. 
Proceedings of IEEE Symposium on Security and Privacy 190\u2013200.","DOI":"10.1109\/RISP.1990.63850"},{"key":"S0960129509007762_ref1","doi-asserted-by":"publisher","DOI":"10.1007\/3-540-63141-0_5"},{"key":"S0960129509007762_ref9","doi-asserted-by":"publisher","DOI":"10.1016\/j.scico.2005.07.013"},{"key":"S0960129509007762_ref15","doi-asserted-by":"publisher","DOI":"10.1145\/570886.570890"},{"key":"S0960129509007762_ref2","doi-asserted-by":"crossref","first-page":"309","DOI":"10.3233\/FI-1998-33401","article-title":"Coinductive axiomatization of recursive type equality and subtyping","volume":"33","author":"Brandt","year":"1998","journal-title":"Fundamenta Informaticae"},{"key":"S0960129509007762_ref16","doi-asserted-by":"publisher","DOI":"10.1006\/inco.2001.3089"},{"key":"S0960129509007762_ref13","doi-asserted-by":"publisher","DOI":"10.1007\/3-540-45061-0_11"},{"key":"S0960129509007762_ref12","doi-asserted-by":"publisher","DOI":"10.3233\/JCS-2004-123-406"},{"key":"S0960129509007762_ref30","doi-asserted-by":"publisher","DOI":"10.3233\/JCS-2003-11202"},{"key":"S0960129509007762_ref4","doi-asserted-by":"publisher","DOI":"10.1145\/1190216.1190253"},{"key":"S0960129509007762_ref6","doi-asserted-by":"publisher","DOI":"10.1016\/j.ic.2004.08.003"},{"key":"S0960129509007762_ref7","first-page":"170","volume-title":"CSFW'03","author":"Chothia","year":"2003"},{"key":"S0960129509007762_ref8","doi-asserted-by":"publisher","DOI":"10.1016\/S0304-3975(99)00232-7"},{"key":"S0960129509007762_ref10","first-page":"31","volume-title":"CSF'07","author":"Fournet","year":"2007"},{"key":"S0960129509007762_ref18","first-page":"188","article-title":"Secure information flow as typed process behaviour. 
In: Proceedings ESOP '00","volume":"1782","author":"Honda","year":"2000","journal-title":"Springer-Verlag Lecture Notes in Computer Science"},{"key":"S0960129509007762_ref21","doi-asserted-by":"publisher","DOI":"10.1145\/775265.775268"}],"container-title":["Mathematical Structures in Computer Science"],"original-title":[],"language":"en","link":[{"URL":"https:\/\/www.cambridge.org\/core\/services\/aop-cambridge-core\/content\/view\/S0960129509007762","content-type":"unspecified","content-version":"vor","intended-application":"similarity-checking"}],"deposited":{"date-parts":[[2020,5,20]],"date-time":"2020-05-20T05:52:19Z","timestamp":1589953939000},"score":1,"resource":{"primary":{"URL":"https:\/\/www.cambridge.org\/core\/product\/identifier\/S0960129509007762\/type\/journal_article"}},"subtitle":[],"short-title":[],"issued":{"date-parts":[[2009,8]]},"references-count":30,"journal-issue":{"issue":"4","published-print":{"date-parts":[[2009,8]]}},"alternative-id":["S0960129509007762"],"URL":"https:\/\/doi.org\/10.1017\/s0960129509007762","relation":{},"ISSN":["0960-1295","1469-8072"],"issn-type":[{"value":"0960-1295","type":"print"},{"value":"1469-8072","type":"electronic"}],"subject":[],"published":{"date-parts":[[2009,8]]}}}