Types for Access Control

Rocco De Nicola (1), GianLuigi Ferrari (2), Rosario Pugliese (1), Betti Venneri (1)
(1) Dipartimento di Sistemi e Informatica, Universita' di Firenze
(2) Dipartimento di Informatica, Universita' di Pisa

Klaim is an experimental programming language that supports a programming paradigm where both processes and data can be moved across different computing environments. The language relies on the use of explicit localities, and on allocation environments that associate logical localities to physical sites. This paper presents the mathematical foundations of the Klaim type system; this system permits statically checking for access-right violations by mobile agents. Types are used to describe the intentions (read, write, execute, ...) of processes relative to the different localities that they are willing to interact with, or that they want to migrate to. Type checking then determines whether processes comply with the declared intentions, and whether they have been assigned the necessary rights to perform the intended operations at the specified localities. The Klaim type system encompasses both subtyping and recursively defined types. The former arises naturally when considering hierarchies of access rights, while the latter are needed to model migration of recursive processes.
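As an added illustration (not the paper's own formalization of Klaim), the following Python models the two checks the abstract describes: whether a process body complies with its declared intentions, and whether those intentions are covered by the rights granted at each locality. Types are modelled as maps from locality names to capability sets, with subtyping as pointwise inclusion; the capability names "r", "w", "e" and the locality names are assumptions made for the example.

```python
# Added illustration, not Klaim's actual type rules: access-right types as
# maps locality -> set of capabilities, subtyping as pointwise set inclusion.
from typing import Dict, FrozenSet, List, Tuple

Capability = str                            # assumed names: "r", "w", "e"
AccessType = Dict[str, FrozenSet[Capability]]  # locality -> capabilities
Action = Tuple[Capability, str]             # (operation, locality)


def subtype(t1: AccessType, t2: AccessType) -> bool:
    """t1 <: t2 when, at every locality, t1 demands no more than t2 allows.
    Fewer capabilities (or fewer localities) is the more specific type, which
    is how a hierarchy of access rights induces subtyping."""
    return all(caps <= t2.get(loc, frozenset()) for loc, caps in t1.items())


def infer(process: List[Action]) -> AccessType:
    """Collect the capabilities a process body actually uses per locality."""
    used: Dict[str, set] = {}
    for op, loc in process:
        used.setdefault(loc, set()).add(op)
    return {loc: frozenset(caps) for loc, caps in used.items()}


def check(process: List[Action], declared: AccessType,
          granted: AccessType) -> Tuple[bool, bool]:
    """Return (complies_with_intentions, authorized_by_granted_rights).
    The first flag compares the inferred type with the declared intentions,
    the second compares the declared intentions with the rights granted."""
    inferred = infer(process)
    return subtype(inferred, declared), subtype(declared, granted)


# Constructed sample: an agent that reads and writes at "db" and migrates
# (executes) at "worker", with matching declarations and sufficient rights.
AGENT = [("r", "db"), ("w", "db"), ("e", "worker")]
DECLARED = {"db": frozenset({"r", "w"}), "worker": frozenset({"e"})}
GRANTED = {"db": frozenset({"r", "w", "e"}), "worker": frozenset({"e"})}

# Constructed sample: the same agent with an under-declared intention at "db".
UNDER_DECLARED = {"db": frozenset({"r"}), "worker": frozenset({"e"})}

if __name__ == "__main__":
    print(check(AGENT, DECLARED, GRANTED))          # (True, True)
    print(check(AGENT, UNDER_DECLARED, GRANTED))    # (False, True)
```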