DOI: 10.1007/978-3-642-01364-5_11

Security Types for Sessions and Pipelines

Published: 30 April 2009

Abstract

The growing importance of service-oriented computing has triggered the development of formal computational models for service description and orchestration. Several versions of the Service Centered Calculus (SCC) and its successor, the Calculus of Services with Pipelines and Sessions (CaSPiS), have emerged as an outcome of those studies, and are based on the notion of interaction patterns, called sessions, between the service and the client who invokes it. We propose a security-oriented extension of Bruni and Mezzina's typed variant of CaSPiS, where security levels have been assigned to service definitions, clients and data. In order to invoke a service, a client must be endowed with an appropriate clearance, and once the service and client agree on the security level, the data exchanged in the initiated session will not exceed this level. We study a type system that statically ensures these security properties.

References

[1] Acciai, L., Boreale, M.: A Type System for Client Progress in a Service-Oriented Calculus. In: Degano, P., De Nicola, R., Meseguer, J. (eds.) Concurrency, Graphs and Models. LNCS, vol. 5065, pp. 642-658. Springer, Heidelberg (2008).
[2] Banerjee, A., Naumann, D.A.: A Simple Semantics and Static Analysis for Java Security. Technical Report 2001-1, Stevens Institute of Technology (2001).
[3] Bell, D.E., LaPadula, L.J.: Secure Computer Systems: Mathematical Foundations. Technical Report MTR-2547, Vol. 1, MITRE Corp., Bedford, MA (1973).
[4] Bonelli, E., Compagnoni, A., Gunter, E.: Correspondence assertions for process synchronization in concurrent communications. J. Funct. Program. 15(2), 219-247 (2005).
[5] Boreale, M., Bruni, R., Nicola, R.D., Lanese, I., Loreti, M., Montanari, U., Sangiorgi, D., Zavattaro, G.: SCC: a Service Centered Calculus. In: ACSAC 2006. LNCS, vol. 4186, pp. 38-57. Springer, Heidelberg (2006).
[6] Boreale, M., Bruni, R., Nicola, R.D., Loreti, M.: Sessions and Pipelines for Structured Service Programming. In: Barthe, G., de Boer, F.S. (eds.) FMOODS 2008. LNCS, vol. 5051, pp. 19-38. Springer, Heidelberg (2008).
[7] Boudol, G., Kolundzija, M.: Access Control and Declassification. In: Computer Network Security. CCIS, vol. 1, pp. 85-98. Springer, Heidelberg (2007).
[8] Bruni, R., Mezzina, L.G.: Types and Deadlock Freedom in a Calculus of Services, Sessions and Pipelines. In: Meseguer, J., Roşu, G. (eds.) AMAST 2008. LNCS, vol. 5140, pp. 100-115. Springer, Heidelberg (2008).
[9] Denning, D.E.: A lattice model of secure information flow. Comm. of the ACM 19(5), 236-243 (1976).
[10] Dezani-Ciancaglini, M., de' Liguoro, U., Yoshida, N.: On Progress for Structured Communications. In: Barthe, G., Fournet, C. (eds.) TGC 2007 and FODO 2008. LNCS, vol. 4912, pp. 257-275. Springer, Heidelberg (2008).
[11] Dezani-Ciancaglini, M., Mostrous, D., Yoshida, N., Drossopoulou, S.: Session Types for Object-Oriented Languages. In: Thomas, D. (ed.) ECOOP 2006. LNCS, vol. 4067, pp. 328-352. Springer, Heidelberg (2006).
[12] Fournet, C., Gordon, A.D.: Stack Inspection: Theory and Variants. In: POPL 2002, pp. 307-318 (2002).
[13] Gay, S., Hole, M.: Subtyping for Session Types in the pi Calculus. Acta Inf. 42(2), 191-225 (2005).
[14] Honda, K., Vasconcelos, V.T., Kubo, M.: Language Primitives and Type Disciplines for Structured Communication-based Programming. In: Hankin, C. (ed.) ESOP 1998. LNCS, vol. 1381, pp. 122-138. Springer, Heidelberg (1998).
[15] Kitchin, D., Cook, W.R., Misra, J.: A Language for Task Orchestration and Its Semantic Properties. In: Baier, C., Hermanns, H. (eds.) CONCUR 2006. LNCS, vol. 4137, pp. 477-491. Springer, Heidelberg (2006).
[16] Lanese, I., Vasconcelos, V.T., Martins, F., Ravara, A.: Disciplining Orchestration and Conversation in Service-Oriented Computing. In: SEFM 2007, pp. 305-314. IEEE Computer Society Press, Los Alamitos (2007).
[17] Lapadula, A., Pugliese, R., Tiezzi, F.: A Calculus for Orchestration of Web Services. In: De Nicola, R. (ed.) ESOP 2007. LNCS, vol. 4421, pp. 33-47. Springer, Heidelberg (2007).
[18] Pottier, F., Skalka, C., Smith, S.: A Systematic Approach to Static Access Control. ACM TOPLAS 27(2) (2005).
[19] Skalka, C., Smith, S.: Static Enforcement of Security with Types. ACM SIGPLAN Notices 35(9), 34-45 (2000).
[20] Volpano, D., Smith, G., Irvine, C.: A Sound Type System for Secure Flow Analysis. J. Computer Security 4(3), 167-187 (1996).
[21] Zdancewic, S.: Programming Languages for Information Security. PhD thesis, Cornell University (2002).

Cited By

  • (2019) Typing access control and secure information flow in sessions. Information and Computation 238:C (68-105). DOI: 10.1016/j.ic.2014.07.005. Online publication date: 4-Jan-2019
  • (2010) From ASTD access control policies to WS-BPEL processes deployed in a SOA environment. Proceedings of the 2010 international conference on Web information systems engineering (126-141). DOI: 10.5555/2044492.2044506. Online publication date: 12-Dec-2010
  • (2010) Session types for access and information flow control. Proceedings of the 21st international conference on Concurrency theory (237-252). DOI: 10.5555/1887654.1887671. Online publication date: 31-Aug-2010

Published In

Web Services and Formal Methods: 5th International Workshop, WS-FM 2008, Milan, Italy, September 4-5, 2008, Revised Selected Papers
April 2009
239 pages
ISBN: 9783642013638
Editors: Roberto Bruni, Karsten Wolf

Publisher

Springer-Verlag

Berlin, Heidelberg


Qualifiers

  • Chapter
