901 research outputs found

    Dynamic Role Authorization in Multiparty Conversations

    Protocol specifications often identify the roles involved in communications. In multiparty protocols that involve task delegation it is often useful to consider settings in which different sites may act on behalf of a single role. It is then crucial to control the roles that the different parties are authorized to represent, including the case in which role authorizations are determined only at runtime. Building on previous work on conversation types with flexible role assignment, here we report initial results on a typed framework for the analysis of multiparty communications with dynamic role authorization and delegation. In the underlying process model, communication prefixes are annotated with role authorizations and authorizations can be passed around. We extend the conversation type system so as to statically distinguish processes that never incur authorization errors. The proposed static discipline guarantees that processes are always authorized to communicate on behalf of an intended role, also covering the case in which authorizations are dynamically passed around in messages. Comment: In Proceedings BEAT 2014, arXiv:1408.556

    A Typed Model for Dynamic Authorizations

    Security requirements in distributed software systems are inherently dynamic. In the case of authorization policies, resources are meant to be accessed only by authorized parties, but the authorization to access a resource may be dynamically granted/yielded. We describe ongoing work on a model for specifying communication and dynamic authorization handling. We build upon the pi-calculus so as to enrich communication-based systems with authorization specification and delegation; here authorizations regard channel usage and delegation refers to the act of yielding an authorization to another party. Our model includes: (i) a novel scoping construct for authorization, which allows specifying authorization boundaries, and (ii) communication primitives for authorizations, which allow passing around authorizations to act on a given channel. An authorization error may consist in, e.g., performing an action along a name which is not under an appropriate authorization scope. We introduce a typing discipline that ensures that processes never reduce to authorization errors, even when authorizations are dynamically delegated. Comment: In Proceedings PLACES 2015, arXiv:1602.0325

    Combining behavioural types with security analysis

    Today's software systems are highly distributed and interconnected, and they increasingly rely on communication to achieve their goals; due to their societal importance, security and trustworthiness are crucial aspects for the correctness of these systems. Behavioural types, which extend data types by describing also the structured behaviour of programs, are a widely studied approach to the enforcement of correctness properties in communicating systems. This paper offers a unified overview of proposals based on behavioural types which are aimed at the analysis of security properties.

    Behavioral types in programming languages

    A recent trend in programming language research is to use behavioral type theory to ensure various correctness properties of large-scale, communication-intensive systems. Behavioral types encompass concepts such as interfaces, communication protocols, contracts, and choreography. The successful application of behavioral types requires a solid understanding of several practical aspects, from their representation in a concrete programming language, to their integration with other programming constructs such as methods and functions, to design and monitoring methodologies that take behaviors into account. This survey provides an overview of the state of the art of these aspects, which we summarize as the pragmatics of behavioral types.

    A decentralized analysis of multiparty protocols

    Protocols provide the unifying glue in concurrent and distributed software today; verifying that message-passing programs conform to such governing protocols is important but difficult. Static approaches based on multiparty session types (MPST) use protocols as types to avoid protocol violations and deadlocks in programs. An elusive problem for MPST is to ensure both protocol conformance and deadlock-freedom for implementations with interleaved and delegated protocols. We propose a decentralized analysis of multiparty protocols, specified as global types and implemented as interacting processes in an asynchronous π-calculus. Our solution rests upon two novel notions: router processes and relative types. While router processes use the global type to enable the composition of participant implementations in arbitrary process networks, relative types extract from the global type the intended interactions and dependencies between pairs of participants. In our analysis, processes are typed using APCP, a type system that ensures protocol conformance and deadlock-freedom with respect to binary protocols, developed in prior work. Our decentralized, router-based analysis enables the sound and complete transference of protocol conformance and deadlock-freedom from APCP to multiparty protocols.

    A Decentralized Analysis of Multiparty Protocols

    Protocols provide the unifying glue in concurrent and distributed software today; verifying that message-passing programs conform to such governing protocols is important but difficult. Static approaches based on multiparty session types (MPST) use protocols as types to avoid protocol violations and deadlocks in programs. An elusive problem for MPST is to ensure both protocol conformance and deadlock freedom for implementations with interleaved and delegated protocols. We propose a decentralized analysis of multiparty protocols, specified as global types and implemented as interacting processes in an asynchronous π-calculus. Our solution rests upon two novel notions: router processes and relative types. While router processes use the global type to enable the composition of participant implementations in arbitrary process networks, relative types extract from the global type the intended interactions and dependencies between pairs of participants. In our analysis, processes are typed using APCP, a type system that ensures protocol conformance and deadlock freedom with respect to binary protocols, developed in prior work. Our decentralized, router-based analysis enables the sound and complete transference of protocol conformance and deadlock freedom from APCP to multiparty protocols. Comment: revision following anonymous review

    Inter-domain interoperability framework based on WebRTC

    Nowadays, the communications paradigm is changing with the convergence of communication services to a model based on IP networks. Applications such as messaging or voice over IP are increasing in popularity and Communication Service Providers are focusing on offering this kind of service. Moreover, Web Real Time Communication (WebRTC) has emerged as a technology that eases the creation of web applications featuring Real-Time Communications over IP networks without the need to develop and install any plug-in. It lacks specifications in the control plane, leaving the possibility to use WebRTC over tailored web signalling solutions or legacy networks such as IP Multimedia Subsystem (IMS). This technology brings a wide range of possibilities for web developers, but Communication Service Providers are advised to develop solutions based on the WebRTC technology as described in the Eurescom Study P2252. The lack of WebRTC specifications on the signalling platform, together with the threats and opportunities that this technology represents for Communication Service Providers, makes evident the need for research on interoperability solutions for the different kinds of signalling implementations and experimentation on the best way for Communication Service Providers to obtain the maximum benefit from WebRTC technology. The main goal of this thesis is precisely to develop a WebRTC interoperability framework and perform experiments on whether the Communication Service Providers should use their existing IMS solutions or develop tailored web signalling platforms for WebRTC deployments. In particular, the work developed in this thesis was completed under the framework of the Webrtc interOperability tested in coNtradictive DEployment scenaRios (WONDER) experimentation for the OpenLab project.
OpenLab is a Large-scale integrating project (IP) and is part of the European Union Framework Programme 7 for Research and Development (FP7) addressing the work programme topic Future Internet Research and Experimentation.
Currently, the communications paradigm is changing thanks to the convergence of communication services towards a model based on IP networks. Applications such as messaging and voice over IP are growing in popularity while communication service providers focus on offering this kind of service based on IP networks. Moreover, WebRTC technology has emerged to ease the creation of web applications that include real-time communications over IP networks without the need to develop or install any plug-in. This technology does not specify the protocols or systems to use in the control plane, leaving developers the possibility of using WebRTC over specific web signalling solutions or of using existing signalling networks such as IMS. WebRTC opens a wide range of possibilities for web developers, although communication service providers are also advised to develop solutions based on WebRTC as described in the Eurescom study P2252. The lack of specifications in the signalling plane, together with the opportunities and threats that WebRTC represents for communication service providers, makes evident the need to research interoperability solutions for the different implementations of signalling platforms and to experiment with how communication service providers can obtain the maximum benefit from WebRTC technology.
The main goal of this final degree project is to develop an interoperability framework for WebRTC and to perform experiments that determine under which conditions communication service providers should use existing signalling platforms (in this case IMS) or develop tailored signalling platforms based on web technologies for their WebRTC deployments. In particular, the work carried out in this final degree project was completed within the framework of the WONDER project for the OpenLab programme. OpenLab is a large-scale integration project in which research and experiments in the field of the future Internet are carried out and which is part of the European Union's FP7 programme. Telecommunication Engineering