Static Confidentiality Enforcement for Distributed Programs

Sabelfeld, Andrei; Mantel, Heiko

doi:10.1007/3-540-45789-5_27

Cited by 56 publications

(68 citation statements)

References 36 publications

Supporting

Mentioning

Contrasting

Order By: Relevance

“…A few representative studies include [Sab01,ABC04]. Already in a distributed setting, but restricting interaction between domains to the exchange of values (no code mobility), Mantel and Sabelfeld [SM02] provided a type system for preserving confidentiality for different kinds of channels over a publicly observable medium.…”

Section: Conclusion and Related Workmentioning

confidence: 99%

Non-disclosure for distributed mobile code

Matos¹,

Cederquist²

2011

Math. Struct. Comp. Sci.

View full text Add to dashboard Cite

Abstract. This paper addresses the issue of confidentiality and declassification for global computing in a language-based security perspective. The purpose is to deal with new forms of security leaks, which we call migration leaks, introduced by code mobility. We present a generalization of the non-disclosure policy [AB05] to networks, and a type and effect system for enforcing it. We consider an imperative higher-order lambdacalculus with concurrent threads and a flow declaration construct, enriched with a notion of domain and a standard migration primitive.

show abstract

Section: Conclusion and Related Workmentioning

confidence: 99%

Non-disclosure for distributed mobile code

Matos¹,

Cederquist²

2011

Math. Struct. Comp. Sci.

View full text Add to dashboard Cite

show abstract

“…In [20,19] the notion of noninterference for sequential and multithreaded programs is expressed in terms of a partial equivalence relation (per model) which captures the view of a σ-level observer. Intuitively, a configuration C, representing a program and the current state of the memory, is secure if C ∼ σ C where ∼ σ is a symmetric and transitive relation modeling the σ-level observation of program executions.…”

Section: Noninterference Through a Partial Equivalence Relationmentioning

confidence: 99%

A Theory of Noninterference for the π-Calculus

Crafa

Rossi

2005

Trustworthy Global Computing

View full text Add to dashboard Cite

Abstract. We develop a theory of noninterference for a typed version of the π-calculus where types are used to assign secrecy levels to channels. We provide two equivalent characterizations of noninterference based on a typed behavioural equivalence relative to a security level σ, which captures the idea of external observers of level σ. The first characterization involves a universal quantification over all the possible active attacks, i.e., malicious processes which interact with the system possibly leaking secret information. The second definition of noninterference is expressed in terms of an unwinding condition, which deals with so-called passive attacks trying to infer confidential information just by observing the behaviour of the system. This unwinding-based characterization naturally leads to efficient methods for the verification and construction of (compositional) secure systems. Furthermore, we characterize noninterference in terms of bisimulation-like (partial) equivalence relations in the style of a stream of similar studies for other process calculi (e.g., CCS and CryptoSPA) and languages (e.g., imperative and multi-threaded languages).

show abstract

“…Secure contexts are also studied by Sabelfeld and Mantel in [34] where they propose a timing-sensitive security definition for programs in a simple multi-threaded language. Sabelfeld and Mantel give a syntactic characterization of a class of contexts in their language which preserve security, i.e., they are secure whenever one substitutes holes with secure programs.…”

Section: Related Workmentioning

confidence: 99%

Information flow in secure contexts

Bossi

Macedonio

Piazza

et al. 2005

JCS

View full text Add to dashboard Cite

Information flow security in a multilevel system aims at guaranteeing that no high level information is revealed to low level users, even in the presence of any possible malicious process. This requirement could be stronger than necessary when some knowledge about the environment (context) in which the process is going to run is available. To relax this requirement we introduce the notion of secure contexts for a class of processes. This notion is parametric with respect to both the observation equivalence and the operation used to characterize the low level view of a process. As observation equivalence we consider the cases of weak bisimulation and trace equivalence. We describe how to build secure contexts in these cases and we show that two well-known security properties, named BNDC and NDC, are just special instances of our general notion.£ This work has been partially supported by the EU Contract IST-2001-32617 "Models and Types for Security in Mobile Distributed Systems" (MyThS) and the FIRB project RBAU018RCZ "Interpretazione astratta e model checking per la verifica di sistemi embedded".

show abstract

Static Confidentiality Enforcement for Distributed Programs

Cited by 56 publications

References 36 publications

Non-disclosure for distributed mobile code

Non-disclosure for distributed mobile code

A Theory of Noninterference for the π-Calculus

Information flow in secure contexts

Contact Info

Product

Resources

About