λ- RBAC : Programming with Role-Based Access Control | SpringerLink
Skip to main content
Springer Nature Link
Log in

λ-RBAC: Programming with Role-Based Access Control

  • Conference paper
Automata, Languages and Programming (ICALP 2006)

Part of the book series: Lecture Notes in Computer Science ((LNTCS,volume 4052))

Included in the following conference series:

  • 6122 Accesses

Abstract

We study mechanisms that permit program components to express role constraints on clients, focusing on programmatic security mechanisms, which permit access controls to be expressed, in situ, as part of the code realizing basic functionality. In this setting, two questions immediately arise:

  • The user of a component faces the issue of safety: is a particular role sufficient to use the component?

  • The component designer faces the dual issue of protection: is a particular role demanded in all execution paths of the component?

We provide a formal calculus and static analysis to answer both questions.

This is a preview of subscription content, log in via an institution to check access.

Access this chapter

Log in via an institution

Institutional subscriptions

Preview

Unable to display preview. Download preview PDF.

Unable to display preview. Download preview PDF.

Similar content being viewed by others

References

  1. Abadi, M., Morrisett, G., Sabelfeld, A.: Language-based security. J. Funct. Program. 15(2), 129 (2005)

    Article  Google Scholar 

  2. Amadio, R.M., Cardelli, L.: Subtyping recursive types. ACM TOPLAS 15(4), 575–631 (1993)

    Article  Google Scholar 

  3. Barker, S., Stuckey, P.J.: Flexible access control policy specification with constraint logic programming. ACM Trans. Inf. Syst. Secur. 6(4), 501–546 (2003), doi:10.1145/950191.950194

    Article  Google Scholar 

  4. Bertino, E., Bonatti, P.A., Ferrari, E.: TRBAC: A temporal role-based access control model. ACM Trans. Inf. Syst. Secur. 4(3), 191–233 (2001), doi:10.1145/501978.501979

    Article  Google Scholar 

  5. Boebert, W.E., Kain, R.Y.: A practical alternative to hierarchical integrity policies. In: Proceedings of the Eighth National Computer Security Conference (1985)

    Google Scholar 

  6. Braghin, C., Gorla, D., Sassone, V.: A distributed calculus for role-based access control. In: CSFW, pp. 48–60 (2004)

    Google Scholar 

  7. Brandt, M., Henglein, F.: Coinductive axiomatization of recursive type equality and subtyping. Fundam. Inf. 33(4), 309–338 (1998)

    MATH  MathSciNet  Google Scholar 

  8. Chong, S., Myers, A.C.: Security policies for downgrading. In: ACM Conference on Computer and Communications Security, pp. 198–209 (2004)

    Google Scholar 

  9. Compagnoni, A., Garralda, P., Gunter, E.: Role-based access control in a mobile environment. In: Symposium on Trustworthy Global Computing (2005)

    Google Scholar 

  10. Ferraiolo, D.F., Kuhn, D.R., Chandramouli, R.: Role-Based Access Control, Artech House. Computer Security Series (2003)

    Google Scholar 

  11. Ferraiolo, D.F., Sandhu, R., Gavrila, S., Kuhn, D.R., Chandramouli, R.: Proposed NIST standard for role-based access control. ACM Trans. Inf. Syst. Secur. 4(3), 224–274 (2001)

    Article  Google Scholar 

  12. Hoffman, J.: Implementing RBAC on a type enforced system. In: 13th Annual Computer Security Applications Conference (ACSAC 1997), pp. 158–163 (1997)

    Google Scholar 

  13. Jajodia, S., Samarati, P., Sapino, M.L., Subrahmanian, V.S.: Flexible support for multiple access control policies. ACM Trans. Database Syst. 26(2), 214–260 (2001)

    Article  MATH  Google Scholar 

  14. Ligatti, J., Bauer, L., Walker, D.: Edit automata: enforcement mechanisms for run-time security policies. Int. J. Inf. Sec. 4(1-2), 2–16 (2005)

    Article  Google Scholar 

  15. Loscocco, P.A., Smalley, S.D.: Meeting critical security objectives with Security-Enhanced Linux. In: Proceedings of the 2001 Ottawa Linux Symposium (2001)

    Google Scholar 

  16. Mitchell, J.C.: Programming language methods in computer security. In: POPL, pp. 1–26 (2001)

    Google Scholar 

  17. Myers, A.C., Sabelfeld, A., Zdancewic, S.: Enforcing robust declassification. In: CSFW, pp. 172–186 (2004)

    Google Scholar 

  18. Osborn, S., Sandhu, R., Munawer, Q.: Configuring role-based access control to enforce mandatory and discretionary access control policies. ACM Trans. Inf. Syst. Secur. 3(2), 85–106 (2000)

    Article  Google Scholar 

  19. Park, J.S., Sandhu, R.S., Ahn, G.-J.: Role-based access control on the web. ACM Trans. Inf. Syst. Secur. 4(1), 37–71 (2001)

    Article  Google Scholar 

  20. Sabelfeld, A., Myers, A.C.: Language-based information-flow security. IEEE J. Selected Areas in Communications 21(1), 5–19 (Jan. 2003)

    Article  Google Scholar 

  21. Sabelfeld, A., Myers, A.C.: A model for delimited information release. In: ISSS, pp. 174–191 (2003)

    Google Scholar 

  22. Sandhu, R., Coyne, E., Feinstein, H., Youman, C.: Role-based access control models. IEEE Computer 29(2) (1996)

    Google Scholar 

  23. Sandhu, R.S., Park, J.: Usage control: A vision for next generation access control. In: ACM Trans. Inf. Syst. Secur (2004)

    Google Scholar 

  24. Schneider, F.B., Morrisett, G., Harper, R.: A language-based approach to security. In: Wilhelm, R. (ed.) Dagstuhl Seminar 2000. LNCS, vol. 2000, pp. 86–101. Springer, Heidelberg (2001)

    Google Scholar 

  25. Siewe, F., Cau, A., Zedan, H.: A compositional framework for access control policies enforcement. In: FMSE, pp. 32–42 (2003)

    Google Scholar 

  26. Sirer, E.G., Wang, K.: An access control language for web services. In: SACMAT 2002: Proceedings of the seventh ACM symposium on Access control models and technologies, pp. 23–30 (2002)

    Google Scholar 

  27. Walker, K.M., Sterne, D.F., Badger, M.L., Petkac, M.J., Shermann, D.L., Oostendorp, K.A.: Confining root programs with Domain and Type Enforcement (DTE). In: Proceedings of the Sixth USENIX UNIX Security Symposium (1996)

    Google Scholar 

Download references

Author information

Authors and Affiliations

  1. School of CTI, DePaul University,  

    Radha Jagadeesan, Corin Pitcher & James Riely

  2. Bell Labs, Lucent Technologies,  

    Alan Jeffrey

Authors
  1. Radha Jagadeesan
    View author publications

    You can also search for this author in PubMed Google Scholar

  2. Alan Jeffrey
    View author publications

    You can also search for this author in PubMed Google Scholar

  3. Corin Pitcher
    View author publications

    You can also search for this author in PubMed Google Scholar

  4. James Riely
    View author publications

    You can also search for this author in PubMed Google Scholar

Editor information

Editors and Affiliations

  1. Dipartimento di Informatica, Università Ca’ Foscari, Venice,  

    Michele Bugliesi

  2. Interdisciplinary Institute for BroadBand Technology (IBBT), Belgium

    Bart Preneel

  3. ECS, University of Southampton, UK

    Vladimiro Sassone

  4. FB Informatik, LS2, Univ. Dortmund, 44221, Dortmund, Germany

    Ingo Wegener

Rights and permissions

Reprints and permissions

Copyright information

© 2006 Springer-Verlag Berlin Heidelberg

About this paper

Cite this paper

Jagadeesan, R., Jeffrey, A., Pitcher, C., Riely, J. (2006). λ-RBAC: Programming with Role-Based Access Control. In: Bugliesi, M., Preneel, B., Sassone, V., Wegener, I. (eds) Automata, Languages and Programming. ICALP 2006. Lecture Notes in Computer Science, vol 4052. Springer, Berlin, Heidelberg. https://doi.org/10.1007/11787006_39

Download citation

  • DOI: https://doi.org/10.1007/11787006_39

  • Publisher Name: Springer, Berlin, Heidelberg

  • Print ISBN: 978-3-540-35907-4

  • Online ISBN: 978-3-540-35908-1

  • eBook Packages: Computer ScienceComputer Science (R0)

Publish with us

Policies and ethics

Search

Navigation