Information Leakage Detection in Boundary Ambients
نویسندگان
چکیده
A variant of Mobile Ambient Calculus is introduced, called Boundary Ambient, to model multilevel security policies. Ambients that may guarantee to properly protect their content are explicitly identified as boundaries: a boundary can be seen as a resource access manager for confidential data. In this setting, we define a notion of non-interference which captures the absence of any (both direct and indirect) information leakage. Then, we guarantee non-interference by extending a control flow analysis that computes an over approximation of all ambients and capabilities that may be affected by the actual values of high level data.
منابع مشابه
Boundary Inference for Enforcing Security Policies in Mobile Ambients
The notion of “boundary ambient” has been recently introduced to model multilevel security policies in the scenario of mobile systems, within pure Mobile Ambients calculus. Information flow is defined in terms of the possibility for a confidential ambient/data to move outside a security boundary, and boundary crossings can be captured through a suitable Control Flow Analysis. We show that this ...
متن کاملInformation flow security in Boundary Ambients
A variant of the Mobile Ambient calculus, called Boundary Ambients, is introduced, supporting the modelling of multi-level security policies. Ambients that may guarantee to properly protect their content are explicitly identified as boundaries: a boundary can be seen as a resource access manager for confidential data. In this setting, absence of direct information leakage is granted as soon as ...
متن کاملSecurity boundaries in mobile ambients
A new notion of Security Boundary is introduced to model multilevel security policies in the scenario of mobile systems, within Cardelli and Gordon’s “pure” Mobile Ambients calculus. Information leakage may be expressed in terms of the possibility for a hostile ambient to access confidential data that are not protected inside a security boundary. A control flow analysis is defined, as a refinem...
متن کاملPii: S0096-0551(02)00009-7
A new notion of security boundary is introduced to model multilevel security policies in the scenario of mobile systems, within Cardelli and Gordon’s “pure” mobile ambients calculus. Information leakage may be expressed in terms of the possibility for a hostile ambient to access con0dential data that are not protected inside a security boundary. A control 1ow analysis is de0ned, as a re0nement ...
متن کاملBehind BANANA: Design and Implementation of a Tool for Nesting Analysis of Mobile Ambients
We present a survey of the work on control-flow analysis carried on by the Venice Team during the Mefisto project. We study security issues, in particular information leakage detection, in the context of the Mobile Ambient calculus. We describe BANANA, a Java-based tool for ambient nesting analysis, by focussing on analysis accuracy and algorithmic optimizations.
متن کاملذخیره در منابع من
با ذخیره ی این منبع در منابع من، دسترسی به آن را برای استفاده های بعدی آسان تر کنید
برای دانلود متن کامل این مقاله و بیش از 32 میلیون مقاله دیگر ابتدا ثبت نام کنید
ثبت ناماگر عضو سایت هستید لطفا وارد حساب کاربری خود شوید
ورودعنوان ژورنال:
- Electr. Notes Theor. Comput. Sci.
دوره 78 شماره
صفحات -
تاریخ انتشار 2003