Programming Access Control: The Klaim Experience

 Rocco De Nicola1, GianLuigi Ferrari2, Rosario Pugliese1
1 Dipartimento di Sistemi e Informatica, Universita' di Firenze
2 Dipartimento di Informatica, Universita' di Pisa

Abstract
In the design of programming languages for highly distributed systems where processes can migrate and execute on new hosts, the integration of security mechanisms is a major challenge. In this paper, we report our experience in the design of an experimental programming language, called Klaim, which provides mechanisms to customize access control policies. Klaim security architecture exploits a capability-based type system to provide mechanisms for specifying and enforcing policies that control uses of resources and authorize migration and execution of processes. By means of a few programming examples, we illustrate the flexibility of the Klaim approach to support the specification of control policies and to guarantee their enforcement.