Role-Based Access Control in a Mobile Environment

Compagnoni, Adriana; Gunter, Elsa L.; Bidinger, Philippe

Permalink

https://hdl.handle.net/2142/11258 Copy

Description

Title

Role-Based Access Control in a Mobile Environment

Author(s)

• Compagnoni, Adriana
• Gunter, Elsa L.
• Bidinger, Philippe

Issue Date

2006-07

Keyword(s)

• mobile computing
• computer science
• Computer Security

Abstract

Our society is increasingly moving towards richer forms of information exchange where mobility of processes and devices plays a prominent role. This tendency has prompted the academic community to study the security problems arising from such mobile environments, and in particular, the security policies regulating who can access the information in question. In this paper we describe a calculus for mobile processes and propose a mechanism for specifying access privileges based on a combination of the identity of the users seeking access, their credentials, and the location from which they seek it, within a reconfigurable nested structure. We define BACIR, a boxed ambient calculus extended with a Distributed Role-Based Access Control mechanism where each ambient controls its own access policy. A process in BACIR is associated with an owner and a set of activated roles that grant permissions for mobility and communication. The calculus includes primitives to activate and deactivate roles. The behavior of these primitives is determined by the process's owner, its current location and its currently activated roles. We consider two forms of security violations that our type system prevents: 1) attempting to move into an ambient without having the authorizing roles granting entry activated and 2) trying to use a communication port without having the roles required for access activated. We accomplish 1) and 2) by giving a static type system, an untyped transition semantics, and a typed transition semantics. We then show that a well-typed program never violates the dynamic security checks.

Type of Resource

text

Permalink

http://hdl.handle.net/2142/11258

Copyright and License Information

You are granted permission for the non-commercial reproduction, distribution, display, and performance of this technical report in any format, BUT this permission is only for a period of 45 (forty-five) days from the most recent time that you verified that this technical report is still available from the University of Illinois at Urbana-Champaign Computer Science Department under terms that include this permission. All other rights are reserved by the author(s).

Owning Collections