Boundary Inference for Enforcing Security Policies in Mobile Ambients
Authors
Abstract
The notion of “boundary ambient” has been recently introduced to model multilevel security policies in the scenario of mobile systems, within pure Mobile Ambients calculus. Information flow is defined in terms of the possibility for a confidential ambient/data to move outside a security boundary, and boundary crossings can be captured through a suitable Control Flow Analysis. We show that this approach can be further enhanced to infer which ambients should be “protected” to guarantee the lack of information leakage for a given process.
Keywords: Mobile Ambients, Security, Static Analysis.
Similar resources
Security boundaries in mobile ambients
A new notion of Security Boundary is introduced to model multilevel security policies in the scenario of mobile systems, within Cardelli and Gordon’s “pure” Mobile Ambients calculus. Information leakage may be expressed in terms of the possibility for a hostile ambient to access confidential data that are not protected inside a security boundary. A control flow analysis is defined, as a refinem...
Secure Data Flow in a Calculus for Context Awareness
We present a Mobile-Ambients-based process calculus to describe context-aware computing in an infrastructure-based Ubiquitous Computing setting. In our calculus, computing agents can provide and discover contextual information and are owners of security policies. Simple access control to contextual information is not sufficient to insure confidentiality in Global Computing, therefore our securi...
Information Leakage Detection in Boundary Ambients
A variant of Mobile Ambient Calculus is introduced, called Boundary Ambient, to model multilevel security policies. Ambients that may guarantee to properly protect their content are explicitly identified as boundaries: a boundary can be seen as a resource access manager for confidential data. In this setting, we define a notion of non-interference which captures the absence of any (both direct ...
Information flow security in Boundary Ambients
A variant of the Mobile Ambient calculus, called Boundary Ambients, is introduced, supporting the modelling of multi-level security policies. Ambients that may guarantee to properly protect their content are explicitly identified as boundaries: a boundary can be seen as a resource access manager for confidential data. In this setting, absence of direct information leakage is granted as soon as ...
Pii: S0096-0551(02)00009-7
A new notion of security boundary is introduced to model multilevel security policies in the scenario of mobile systems, within Cardelli and Gordon’s “pure” mobile ambients calculus. Information leakage may be expressed in terms of the possibility for a hostile ambient to access confidential data that are not protected inside a security boundary. A control flow analysis is defined, as a refinement ...
Publication date: 2002