Implementing access control mechanisms using rewriting techniques

Objective

Static behavioural analysis of mobile computer programs is an active area of research, many fundamental behavioural properties and security issues for mobile computing have to be established. We believe that rewriting can provide a formal basis for the study of a broad range of security issues, ranging from the specification, implementation, and validation of security policies, to the analysis of logs and the development of tools for intrusion detection.

In this project we will focus mainly on access control within distributed and mobile applications. Special language primitives and reasoning tools are needed to specify access control policies and to prove their properties. The purpose of this project is to tackle this problem by using a well-known tool: rewriting theory, possibly combined with type systems. We plan to develop an implementation of the existing access control mechanisms, supported by centralised or distributed systems, using a term rewriting framework.

We will extend the usual notion of rewriting to accommodate distributed code and investigate a theory of access control described in terms of a set of rewrite rules and their reductions. The rewrite system thus obtained will be used as a basis for the design of a distributed, mobile language where programs are defined as collections of rewrite rules with built-in mobility and access control mechanisms. The obtained rewrite-based language will be applicable in mobile distributed environments, in particular the Semantic Web environment.

An advantage of the rewriting framework over a more traditional logic-programming framework is its expressivity: rewriting encompasses several computation paradigms, including functional, logic, imperative and concurrent ones. Another advantage is that we can profit from the rapid prototyping tools available, and we can study the behavioural and security properties of the reduction relation by using type systems and standard rewriting techniques.

Fields of science

• natural sciencescomputer and information sciencescomputer securityaccess control
• natural sciencescomputer and information sciencesinternetsemantic web

Keywords

• access control
• distribute systems
• mobile computing
• security policies
• software verification
• term rewrite systems

Programme(s)

• FP6-MOBILITY - Human resources and Mobility in the specific programme for research, technological development and demonstration "Structuring the European Research Area" under the Sixth Framework Programme 2002-2006

Topic(s)

• MOBILITY-2.1 - Marie Curie Intra-European Fellowships (EIF)

Call for proposal

FP6-2005-MOBILITY-5
See other projects for this call

Funding Scheme

Coordinator