Information flow security in Boundary Ambients
نویسندگان
چکیده
A variant of the Mobile Ambient calculus, called Boundary Ambients, is introduced, supporting the modelling of multi-level security policies. Ambients that may guarantee to properly protect their content are explicitly identified as boundaries: a boundary can be seen as a resource access manager for confidential data. In this setting, absence of direct information leakage is granted as soon as the initial process satisfies some syntactic conditions. We then give a new notion of non-interference for Boundary Ambients aiming at capturing indirect flows, too. We design a Control Flow Analysis that computes an over-approximation of all ambients that may be affected at run-time by high-level data and we show that this static analysis can be used to enforce non-interference, i.e., to statically detect that no (direct or indirect) information leakage is ever possible at run-time.
منابع مشابه
Boundary Inference for Enforcing Security Policies in Mobile Ambients
The notion of “boundary ambient” has been recently introduced to model multilevel security policies in the scenario of mobile systems, within pure Mobile Ambients calculus. Information flow is defined in terms of the possibility for a confidential ambient/data to move outside a security boundary, and boundary crossings can be captured through a suitable Control Flow Analysis. We show that this ...
متن کاملInformation Leakage Detection in Boundary Ambients
A variant of Mobile Ambient Calculus is introduced, called Boundary Ambient, to model multilevel security policies. Ambients that may guarantee to properly protect their content are explicitly identified as boundaries: a boundary can be seen as a resource access manager for confidential data. In this setting, we define a notion of non-interference which captures the absence of any (both direct ...
متن کاملSecurity boundaries in mobile ambients
A new notion of Security Boundary is introduced to model multilevel security policies in the scenario of mobile systems, within Cardelli and Gordon’s “pure” Mobile Ambients calculus. Information leakage may be expressed in terms of the possibility for a hostile ambient to access confidential data that are not protected inside a security boundary. A control flow analysis is defined, as a refinem...
متن کاملInformation Flow Security in Mobile Ambients 1 Agostino Cortesi
Amultilevel security policy is considered in the scenario of mobile systems, and modeled within “pure” Mobile Ambients calculus, in which no communication channels are present and the only possible actions are represented by the moves performed by mobile processes. The information flow property of interest is defined in terms of the possibility for a confidential ambient/data to move outside a ...
متن کاملInformation Flow Security in Mobile Ambients
A multilevel security policy is considered in the scenario of mobile systems, and modeled within “pure” Mobile Ambients calculus, in which no communication channels are present and the only possible actions are represented by the moves performed by mobile processes. The information flow property of interest is defined in terms of the possibility for a confidential ambient/data to move outside a...
متن کاملذخیره در منابع من
با ذخیره ی این منبع در منابع من، دسترسی به آن را برای استفاده های بعدی آسان تر کنید
برای دانلود متن کامل این مقاله و بیش از 32 میلیون مقاله دیگر ابتدا ثبت نام کنید
ثبت ناماگر عضو سایت هستید لطفا وارد حساب کاربری خود شوید
ورودعنوان ژورنال:
- Inf. Comput.
دوره 206 شماره
صفحات -
تاریخ انتشار 2008