Citation
"Distributed Programming with Distributed Authorization". K. Avijit, A. Datta, R. Harper (eds.), 5th ACM SIGPLAN Workshop on Types in Language Design and Implementation, January, 2010.
Abstract
We propose a programming language, called PCML5, for building
distributed applications with distributed access control. Target
applications include web-based systems in which programs must
compute with stipulated resources at different sites. In such a setting,
access control policies are decentralized (each site may impose
restrictions on access to its resources without the knowledge
of or cooperation with other sites) and spatially distributed (each
site may store its policies locally). To enforce such policies PCML5
employs a distributed proof-carrying authorization framework in
which sensitive resources are governed by reference monitors that
authenticate principals and demand logical proofs of compliance
with site-specific access control policies. The language provides
primitive operations for authentication, and acquisition of proofs
from local policies. The type system of PCML5 enforces locality
restrictions on resources, ensuring that they can only be accessed
from the site at which they reside, and enforces the authentication
and authorization obligations required to comply with local access
control policies. This ensures that a well-typed PCML5 program
cannot incur a runtime access control violation at a reference monitor
for a controlled resource.
Electronic downloads
- adh-tldi2010.pdf · application/pdf · 251 kbytes
| Citation formats |
- HTML
<a href="http://www.truststc.org/pubs/751.html" ><i>Distributed Programming with Distributed Authorization</i></a>, K. Avijit, A. Datta, R. Harper (eds.), 5th ACM SIGPLAN Workshop on Types in Language Design and Implementation, January, 2010.
- Plain text
"Distributed Programming with Distributed Authorization". K. Avijit, A. Datta, R. Harper (eds.), 5th ACM SIGPLAN Workshop on Types in Language Design and Implementation, January, 2010.
- BibTeX
@proceedings{AvijitDattaHarper10_DistributedProgrammingWithDistributedAuthorization, title = {Distributed Programming with Distributed Authorization}, editor = {K. Avijit, A. Datta, R. Harper}, organization = {5th ACM SIGPLAN Workshop on Types in Language Design and Implementation}, month = {January}, year = {2010}, abstract = {We propose a programming language, called PCML5, for building distributed applications with distributed access control. Target applications include web-based systems in which programs must compute with stipulated resources at different sites. In such a setting, access control policies are decentralized (each site may impose restrictions on access to its resources without the knowledge of or cooperation with other sites) and spatially distributed (each site may store its policies locally). To enforce such policies PCML5 employs a distributed proof-carrying authorization framework in which sensitive resources are governed by reference monitors that authenticate principals and demand logical proofs of compliance with site-specific access control policies. The language provides primitive operations for authentication, and acquisition of proofs from local policies. The type system of PCML5 enforces locality restrictions on resources, ensuring that they can only be accessed from the site at which they reside, and enforces the authentication and authorization obligations required to comply with local access control policies. This ensures that a well-typed PCML5 program cannot incur a runtime access control violation at a reference monitor for a controlled resource.}, URL = {http://www.truststc.org/pubs/751.html} }
Posted by Jessica Gamble on 5 May 2010.
For additional information, see the
Publications FAQ or
contact webmaster at www truststc org.
Notice: This material is presented to ensure timely dissemination of scholarly and technical work. Copyright and all rights therein are retained by authors or by other copyright holders. All persons copying this information are expected to adhere to the terms and constraints invoked by each author's copyright.