Secure Information Flow in Orc (DRAFT)
نویسنده
چکیده
Secure information flow attempts to verify that programs do not leak information to unauthorized third parties. Previous approaches to secure information flow have considered classical sequential languages and concurrent languages based on channels. In this work, we demonstrate how techniques from secure information flow can be used to verify security properties of structured concurrent workflows expressed in the Orc calculus. Unlike channel-based concurrent languages, Orc imposes structure on the flow of information between processes, enabling more straightforward analysis of some programs. Orc also relies heavily on non-termination to manage control flow, requiring a more sophisticated analysis of termination properties.
منابع مشابه
Secure Information Flow in the Orc Concurrent Programming Language Project Report
Orc is a concurrent, functional-like programming language. We extend Orc’s type system with secure typing, to control the flow of information through programs according to a security policy. This policy is encoded in a lattice of labels that can be applied to values. The partial order of labels specifies the allowed information flows. The impact of Orc’s design and of concurrency in general are...
متن کاملWorkflow Patterns in Orc
Van der Aalst recently proposed a set of workflow patterns to characterize the kinds of control flow that appear frequently in workflow processes. These patterns are useful for evaluating the capabilities of workflow systems and models. In this paper we provide implementations of the workflow patterns in Orc, a new process calculus for orchestrating wide-area computations. A key feature of the ...
متن کاملDraft Draft Draft Draft Draft Draft Draft Draft
This paper presents an architectural framework, which identiies the core services necessary for a secure Internet-based communication and information infrastructure. We show how these services can be realized using existing software packages and new technologies. Then, we turn to the development of security infrastructures using the rapid prototyping environment \Wafe" and the extensible Web br...
متن کاملDevising ethical codes for e-contents in e-learning
Background: Promoting ethics is one of the goals of education, but the free flow of communication and divulging unethical behaviors in e-learning make the urgent need to clarify ethical values. Therefore, the aim of this study was to prepare ethical codes to develop and deliver e-contents. Methods: A draft of e-content ethical codes was prepared based on the literature review. Then, it was ...
متن کاملSIFTAL: A Typed Assembly Language for Secure Information Flow Analysis Technical Report Draft - Not for distribution
2 SIFTAL 4 2.1 Syntax of SIFTAL . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 4 2.2 Type System . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 5 2.2.1 Typing Basic Blocks . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 6 2.2.2 Typing Operands, Word Values and Heap Values . . . ...
متن کامل