Se ure Composition of Untrusted Code: Wrappers and Causality Types

نویسندگان

  • Peter Sewell
  • Jan Vitek
چکیده

We onsider the problem of assembling on urrent software systems from untrusted or partially trusted off-theshelf omponents, using wrapper programs to en apsulate omponents and enfor e se urity poli ies. In previous work we introdu ed the boxpro ess al ulus with onstrained intera tion to express wrappers and dis ussed the rigorous formulation of their se urity properties. This paper addresses the veri ation of wrapper information ow properties. We present a novel ausal type system that statially aptures the allowed ows between wrapped possiblybadly-typed omponents; we use it to prove that an example unidire tionalow wrapper enfor es a ausal ow property.

برای دانلود متن کامل این مقاله و بیش از 32 میلیون مقاله دیگر ابتدا ثبت نام کنید

ثبت نام

اگر عضو سایت هستید لطفا وارد حساب کاربری خود شوید

منابع مشابه

Secure Composition of Untrusted Code: Wrappers and Causality Types

We consider the problem of assembling concurrent software systems from untrusted or partially trusted oo-the-shelf components, using wrapper programs to encapsulate components and enforce security policies. In previous work we introduced the box-process calculus with constrained interaction to express wrappers and discussed the rigorous formulation of their security properties. This paper addre...

متن کامل

Secure Composition of Untrusted Code: Box π, Wrappers, and Causality Types

Software systems are becoming heterogeneous: instead of a small number of large programs from well-established sources, a user’s desktop may now consist of many smaller components that interact in intricate ways. Some components will be downloaded from the network from sources that are only partially trusted. A user would like to know that a number of security properties hold, e.g. that persona...

متن کامل

Ááê Èööòø Ö Blockinú ¾¼¼¼»¼¼¼º Òòðý××× Óó Øøø Ïïòòòô Ò Blockinöýôøøóò Ññøøó

Analysis of the WinZip en ryption method Tadayoshi Kohno May 8, 2004 Abstra t WinZip is a popular ompression utility for Mi rosoft Windows omputers, the latest version of whi h is advertised as having \easy-to-use AES en ryption to prote t your sensitive data." We exhibit several atta ks against WinZip's new en ryption method, dubbed \AE-2" or \Advan ed En ryption, version two." We then dis uss...

متن کامل

Composition of Tourmalines from Hajiabad and Dehgah area, SE Boroujerd

Tourmaline can be found as an accessory mineral in a variety of rocks including leucogranite, pegmatite, quartz veins, and metamorphiccountry rocks in Hajiabad-Dehgah area in SE of Boroujerd city. Tourmaline in pegmatites is coarse-grained, subhedral to euhedral, anddisplays strong to moderate pleochroic blue rimmed by olive green. In contrast, tourmalines from leucogranite, quartz-veins, and h...

متن کامل

Isolating JavaScript with Filters, Rewriting, and Wrappers

We study methods that allow web sites to safely combine JavaScript from untrusted sources. If implemented properly, filters can prevent dangerous code from loading into the execution environment, while rewriting allows greater expressiveness by inserting run-time checks. Wrapping properties of the execution environment can prevent misuse without requiring changes to imported JavaScript. Using a...

متن کامل

ذخیره در منابع من


  با ذخیره ی این منبع در منابع من، دسترسی به آن را برای استفاده های بعدی آسان تر کنید

برای دانلود متن کامل این مقاله و بیش از 32 میلیون مقاله دیگر ابتدا ثبت نام کنید

ثبت نام

اگر عضو سایت هستید لطفا وارد حساب کاربری خود شوید

عنوان ژورنال:

دوره   شماره 

صفحات  -

تاریخ انتشار 2017