Abstract
In the context of global computing, information flow security must deal with the decentralized nature of security policies. This issue is particularly challenging when programs are given the flexibility to perform declassifying instructions. We point out potential unwanted behaviors that can arise in a context where such programs can migrate between computation domains with different security policies. We propose programming language techniques for tackling such unwanted behaviors, and prove soundness of those techniques at the global computation level.
© 2009 Springer-Verlag Berlin Heidelberg
About this paper
Cite this paper
Almeida Matos, A. (2009). Flow Policy Awareness for Distributed Mobile Code. In: Bravetti, M., Zavattaro, G. (eds) CONCUR 2009 - Concurrency Theory. CONCUR 2009. Lecture Notes in Computer Science, vol 5710. Springer, Berlin, Heidelberg. https://doi.org/10.1007/978-3-642-04081-8_5
DOI: https://doi.org/10.1007/978-3-642-04081-8_5
Publisher Name: Springer, Berlin, Heidelberg
Print ISBN: 978-3-642-04080-1
Online ISBN: 978-3-642-04081-8
eBook Packages: Computer Science, Computer Science (R0)