Skip to main content Accessibility help
×
Home

Non-disclosure for distributed mobile code

Published online by Cambridge University Press:  27 October 2011

ANA ALMEIDA MATOS
Affiliation:
SQIG-Instituto de Telecomunicações and Instituto Superior Técnico de Lisboa, Portugal Email: ana.matos@ist.utl.pt; jan.cederquist@ist.utl.pt
JAN CEDERQUIST
Affiliation:
SQIG-Instituto de Telecomunicações and Instituto Superior Técnico de Lisboa, Portugal Email: ana.matos@ist.utl.pt; jan.cederquist@ist.utl.pt
Corresponding

Abstract

With the emergence of the new possibilities offered by global computing, new security issues follow from the fact that these possibilities can be equally exploited by parties with malicious intentions. Many attacks arise at the application level, and can be tackled by means of programming language techniques. For instance, confidentiality can be violated during the execution of programs that reveal secret information. This kind of program behaviour can be avoided by information flow analyses that detect the encoding of illegal flows.

This paper studies information flows that occur in distributed programs with code mobility from a language-based security perspective. New forms of security leaks that are introduced by code mobility, which we call migration leaks, are presented and compared with well-known forms of illegal flow. We propose an information flow property that is adequate for networks consisting of a generalisation of the non-disclosure policy. We design a type and effect system for enforcing it on an expressive distributed calculus, and explain a soundness proof methodology in detail.

Type
Paper
Copyright
Copyright © Cambridge University Press 2011

Access options

Get access to the full version of this content by using one of the access options below.

References

Almeida Matos, A. (2005) Non-disclosure for distributed mobile code. In: Ramanujam, R. and Sen, S. (eds.) FSTTCS'05: 25th International Conference on Foundations of Software Technology and Theoretical Computer Science. Springer-Verlag Lecture Notes in Computer Science 3821 177188.CrossRefGoogle Scholar
Almeida Matos, A. (2006) Typing secure information flow: declassification and mobility, Ph.D. thesis, École Nationale Supérieure des Mines de Paris.Google Scholar
Almeida Matos, A. (2009) Flow-policy awareness for distributed mobile code. In: Bravetti, M. and Zavattaro, G. (eds.) Proceedings of CONCUR 2009 – Concurrency Theory 20th International Conference. Springer-Verlag Lecture Notes in Computer Science 5710 5368.CrossRefGoogle Scholar
Almeida Matos, A. and Boudol, G. (2009) On declassification and the non-disclosure policy. Journal of Computer Security 17 (5)549597.CrossRefGoogle Scholar
Almeida Matos, A., Boudol, G. and Castellani, I. (2007) Typing noninterference for reactive programs. The Journal of Logic and Algebraic Programming 72 (2)124156. (Special Issue on Programming Language Interference and Dependence.)CrossRefGoogle Scholar
Bell, D. E. and La Padula, L. J. (1976) Secure computer system: Unified exposition and multics interpretation, Technical Report MTR-2997, The MITRE Corporation.Google Scholar
Boudol, G. (2004) ULM: A core programming model for global computing. In: Schmidt, D. A. (ed.) ESOP'04: 13th European Symposium on Programming. Springer-Verlag Lecture Notes in Computer Science 2986 234248.CrossRefGoogle Scholar
Boudol, G. (2005 a) A generic membrane model. In: Priami, C. and Quaglia, P. (eds.) GC'04: IST/FET International Workshop on Global Computing. Springer-Verlag Lecture Notes in Computer Science 3267 208222.CrossRefGoogle Scholar
Boudol, G. (2005 b) On typing information flow. In: Hung, D. V. and Wirsing, M. (eds.) ICTAC'05: Second International Colloquium on Theoretical Aspects of Computing. Springer-Verlag Lecture Notes in Computer Science 3722 366380.CrossRefGoogle Scholar
Boudol, G. and Castellani, I. (2002) Noninterference for concurrent programs and thread systems. Theoretical Computer Science 281 (1–2)109130.CrossRefGoogle Scholar
Bugliesi, M., Castagna, G. and Crafa, S. (2001) Boxed ambients. In: Kobayashi, N. and Pierce, B. C. (eds.) TACS'01: 4th International Symposium on Theoretical Aspects of Computer Software. Springer-Verlag Lecture Notes in Computer Science 2215 3863.CrossRefGoogle Scholar
Bugliesi, M., Castagna, G. and Crafa, S. (2004) Access control for mobile agents: The calculus of boxed ambients. ACM Trans. Program. Lang. Syst. 26 (1)57124.CrossRefGoogle Scholar
Cardelli, L. and Gordon, A. D. (2000) Mobile ambients. Theoretical Computer Science 240 (1)177213.CrossRefGoogle Scholar
Cohen, E. (1977) Information transmission in computational systems. In: SOSP'77: sixth ACM Symposium on Operating Systems Principles, ACM Press 133139.Google Scholar
Crafa, S., Bugliesia, M. and Castagna, G. (2002) Information flow security for boxed ambients. In: Sassone, V. (ed.) F-WAN'02: Workshop on Foundations of Wide Area Network Computing. Electronic Notes in Theoretical Computer Science 66 7697.CrossRefGoogle Scholar
Dal Zilio, S. (2001) Mobile processes: A commented bibliography. In: Cassez, F., Jard, C., Rozoy, B. and Ryan, M. D. (eds.) MOVEP'00: 4th Summer School on Modeling and Verification of Parallel Processes. Springer-Verlag Lecture Notes in Computer Science 2067.CrossRefGoogle Scholar
Denning, D. E. (1976) A lattice model of secure information flow. Communications of the ACM 19 (5)236243.CrossRefGoogle Scholar
Focardi, R. and Gorrieri, R. (1995) A classification of security properties for process algebras. Journal of Computer Security 3 (1)533.CrossRefGoogle Scholar
Goguen, J. A. and Meseguer, J. (1982) Security policies and security models. In: Proceedings of the 1982 IEEE Symposium on Security and Privacy, IEEE Computer Society 1120.Google Scholar
Hennessy, M. and Riely, J. (2002) Information flow vs. resource access in the asynchronous pi-calculus. ACM Transactions on Programming Languages and Systems 24 (5)566591.CrossRefGoogle Scholar
Honda, K., Vasconcelos, V. T. and Yoshida, N. (2000) Secure information flow as typed process behaviour. In: Smolka, G. (ed.) ESOP'00: 9th European Symposium on Programming. Springer-Verlag Lecture Notes in Computer Science 1782 180199.CrossRefGoogle Scholar
Honda, K. and Yoshida, N. (2002) A uniform type structure for secure information flow. In: POPL'02: 29th ACM Symposium on Principles of Programming Languages, ACM Press 8192.CrossRefGoogle Scholar
Kırlı, D. (2000) Mobile functions and secure information flow. In: Degano, P. (ed.) WITS'00: Workshop on Issues in the Theory of Security.Google Scholar
Lucassen, J. M. and Gifford, D. K. (1988) Polymorphic effect systems. In: POPL'88: 15th ACM symposium on Principles of programming languages, ACM Press 4757.CrossRefGoogle Scholar
Mantel, H. and Sabelfeld, A. (2003) A unifying approach to the security of distributed and multi-threaded programs. Journal of Computer Security 11 (4)615676.CrossRefGoogle Scholar
Milner, R., Tofte, M., Harper, R. and MacQueen, D. (1997) The definition of Standard ML, revised edition, MIT Press.Google Scholar
Myers, A. C. (1999) JFlow: Practical mostly-static information flow control. In: Proceedings of the 26th ACM SIGPLAN-SIGACT symposium on Principles of programming languages, ACM Press 228241.Google Scholar
Myers, A. C. and Liskov, B. (1998) Complete, safe information flow with decentralized labels. In: 19th IEEE Computer Society Symposium on Security and Privacy, IEEE Computer Society 186197.Google Scholar
Myers, A. C. and Liskov, B. (2000) Protecting privacy using the decentralized label model. ACM Transactions on Software Engineering and Methodology 9 (4)410442.CrossRefGoogle Scholar
Sabelfeld, A. (2001) The impact of synchronisation on secure information flow in concurrent programs. In: Bjørner, D., Broy, M. and Zamulin, A. V., (eds.) PSI'01: 4th International Andrei Ershov Memorial Conference on Perspectives of System Informatics. Springer-Verlag Lecture Notes in Computer Science 2244 225239.CrossRefGoogle Scholar
Sabelfeld, A. and Mantel, H. (2002) Securing communication in a concurrent language. In: Hermenegildo, M. V. and Puebla, G. (eds.) SAS'02: 9th International Symposium on Static Analysis. Springer-Verlag Lecture Notes in Computer Science 2477 376394.CrossRefGoogle Scholar
Sabelfeld, A. and Myers, A. (2004) A model for delimited information release. In: International Symposium on Software Security (ISSS'03). Springer-Verlag Lecture Notes in Computer Science 3233.CrossRefGoogle Scholar
Sabelfeld, A. and Myers, A. C. (2003) Language-based information-flow security. IEEE Journal on Selected Areas in Communications 21 (1)519.CrossRefGoogle Scholar
Sabelfeld, A. and Sands, D. (2000) Probabilistic noninterference for multi-threaded programs. In: CSFW'00: 13th IEEE Computer Security Foundations Workshop, IEEE Computer Society 200215.CrossRefGoogle Scholar
Sabelfeld, A. and Sands, D. (2005) Dimensions and principles of declassification. In: CSFW'05: 18th IEEE Computer Security Foundations Workshop, IEEE Computer Society 255269.CrossRefGoogle Scholar
Sekiguchi, T. and Yonezawa, A. (1997) A calculus with code mobility. In: FMOODS'97: IFIP TC6 WG6.1 international workshop on Formal methods for open object-based distributed systems, Chapman and Hall 2136.CrossRefGoogle Scholar
Smith, G. (2001) A new type system for secure information flow. In: CSFW'01: 14th IEEE Computer Security Foundations Workshop, IEEE Computer Society 115125.Google Scholar
Volpano, D. M., Smith, G. and Irvine, C. E. (1996) A sound type system for secure flow analysis. Journal of Computer Security 4 (2–3)167188.CrossRefGoogle Scholar
Wright, A. K. and Felleisen, M. (1994) A syntactic approach to type soundness. Information and Computation 115 (1)3894.CrossRefGoogle Scholar

Full text views

Full text views reflects PDF downloads, PDFs sent to Google Drive, Dropbox and Kindle and HTML full text views.

Total number of HTML views: 0
Total number of PDF views: 12 *
View data table for this chart

* Views captured on Cambridge Core between September 2016 - 28th January 2021. This data will be updated every 24 hours.

Hostname: page-component-898fc554b-4dk4j Total loading time: 0.351 Render date: 2021-01-28T03:21:46.166Z Query parameters: { "hasAccess": "0", "openAccess": "0", "isLogged": "0", "lang": "en" } Feature Flags: { "shouldUseShareProductTool": true, "shouldUseHypothesis": true, "isUnsiloEnabled": true, "metricsAbstractViews": false, "figures": false, "newCiteModal": false }

Send article to Kindle

To send this article to your Kindle, first ensure no-reply@cambridge.org is added to your Approved Personal Document E-mail List under your Personal Document Settings on the Manage Your Content and Devices page of your Amazon account. Then enter the ‘name’ part of your Kindle email address below. Find out more about sending to your Kindle. Find out more about sending to your Kindle.

Note you can select to send to either the @free.kindle.com or @kindle.com variations. ‘@free.kindle.com’ emails are free but can only be sent to your device when it is connected to wi-fi. ‘@kindle.com’ emails can be delivered even when you are not connected to wi-fi, but note that service fees apply.

Find out more about the Kindle Personal Document Service.

Non-disclosure for distributed mobile code
Available formats
×

Send article to Dropbox

To send this article to your Dropbox account, please select one or more formats and confirm that you agree to abide by our usage policies. If this is the first time you use this feature, you will be asked to authorise Cambridge Core to connect with your <service> account. Find out more about sending content to Dropbox.

Non-disclosure for distributed mobile code
Available formats
×

Send article to Google Drive

To send this article to your Google Drive account, please select one or more formats and confirm that you agree to abide by our usage policies. If this is the first time you use this feature, you will be asked to authorise Cambridge Core to connect with your <service> account. Find out more about sending content to Google Drive.

Non-disclosure for distributed mobile code
Available formats
×
×

Reply to: Submit a response


Your details


Conflicting interests

Do you have any conflicting interests? *