Static behavioural analysis of mobile computer programs is an active area of research, many fundamental behavioural properties and security issues for mobile computing have to be established. We believe that rewriting can provide a formal basis for the study of a broad range of security issues, ranging from the specification, implementation, and validation of security policies, to the analysis of logs and the development of tools for intrusion detection.
In this project we will focus mainly on access control within distributed and mobile applications. Special language primitives and reasoning tools are needed to specify access control policies and to prove their properties. The purpose of this project is to tackle this problem by using a well-known tool: rewriting theory, possibly combined with type systems. We plan to develop an implementation of the existing access control mechanisms, supported by centralised or distributed systems, using a term rewriting framework.
We will extend the usual notion of rewriting to accommodate distributed code and investigate a theory of access control described in terms of a set of rewrite rules and their reductions. The rewrite system thus obtained will be used as a basis for the design of a distributed, mobile language where programs are defined as collections of rewrite rules with built-in mobility and access control mechanisms. The obtained rewrite-based language will be applicable in mobile distributed environments, in particular the Semantic Web environment.
An advantage of the rewriting framework over a more traditional logic-programming framework is its expressivity: rewriting encompasses several computation paradigms, including functional, logic, imperative and concurrent ones. Another advantage is that we can profit from the rapid prototyping tools available, and we can study the behavioural and security properties of the reduction relation by using type systems and standard rewriting techniques.
Call for proposal
See other projects for this call