Nominal Calculi for Security and Mobility

Needham defines a pure name to be “nothing but a bit pattern that is an identifier, and is only useful for comparing for identitywith other bit patterns— which includes looking up in tables in order to find other information” [13]. In this paper, we argue that pure names are relevant to both security and mobility. A nominal calculus is a computational formalism that includes a set of pure names andallows the dynamic generation of fresh, unguessable names. We survey recent work on nominal calculi with primitives representing location failure, process migration and cryptography, and suggest areas for further work. Needham’s definition treats pure names as atoms; on the other hand, an impure name has additional structure of some kind. Perhaps it is a combination of component names; or perhaps there are operations to generate one name from another. To illustrate this distinction, consider the treatment of memory pointers in different programming languages. In Java, for instance, memory pointers are pure names. The type system enforcesNeedham’s abstract view of a bit pattern as a pure name; it allows programs to compare pointers for identity or to de-reference a pointer, but denies other operations, such as pointer arithmetic. On the other hand, in C, for instance, a memory pointer is an impure name; we have direct access to the bit pattern representing the pointer.