This paper addresses the issue of confidentiality and declassification for global computing in a language-based security perspective. The purpose is to deal with new forms of security leaks, which we call migration leaks, introduced by code mobility. We present a generalization of the non-disclosure policy [AB05] to networks, and a type and effect system for enforcing it. We consider an imperative higher-order lambda-calculus with concurrent threads and a flow declaration construct, enriched with a notion of domain and a standard migration primitive.


Migration Cond 


Unable to display preview. Download preview PDF.

Unable to display preview. Download preview PDF.


  1. [AB05]
    Almeida Matos, A., Boudol, G.: On declassification and the nondisclosure policy. In: CSFW (2005)Google Scholar
  2. [ABC04]
    Almeida Matos, A., Boudol, G., Castellani, I.: Typing noninterference for reactive programs. In: FCS. TUCS General Publications, vol. 31 (2004)Google Scholar
  3. [BC02]
    Boudol, G., Castellani, I.: Noninterference for concurrent programs and thread systems. Theoretical Computer Science 281(1), 109–130 (2002)MATHCrossRefMathSciNetGoogle Scholar
  4. [BCC01]
    Bugliesi, M., Castagna, G., Crafa, S.: Boxed ambients. In: Kobayashi, N., Pierce, B.C. (eds.) TACS 2001. LNCS, vol. 2215, p. 38. Springer, Heidelberg (2001)CrossRefGoogle Scholar
  5. [BCGL02]
    Boudol, G., Castellani, I., Germain, F., Lacoste, M.: Analysis of formal models of distribution and mobility: state of the art. Mikado D1.1.1 (2002)Google Scholar
  6. [Bou04]
    Boudol, G.: ULM, a core programming model for global computing. In: Schmidt, D. (ed.) ESOP 2004. LNCS, vol. 2986, pp. 234–248. Springer, Heidelberg (2004)CrossRefGoogle Scholar
  7. [Bou05]
    Boudol, G.: On typing information flow. In: Van Hung, D., Wirsing, M. (eds.) ICTAC 2005. LNCS, vol. 3722, pp. 366–380. Springer, Heidelberg (2005)CrossRefGoogle Scholar
  8. [CBC02]
    Crafa, S., Bugliesi, M., Castagna, G.: Information flow security for boxed ambients. In: F-WAN. ENTCS, vol. 66(3) (2002)Google Scholar
  9. [Den76]
    Denning, D.E.: A lattice model of secure information flow. Communications of the ACM 19(5), 236–243 (1976)MATHCrossRefMathSciNetGoogle Scholar
  10. [GM82]
    Goguen, J.A., Meseguer, J.: Security policies and security models. In: Symposium on Security and Privacy (1982)Google Scholar
  11. [HR00]
    Hennessy, M., Riely, J.: Information flow vs resource access in the asynchronous pi-calculus. In: Welzl, E., Montanari, U., Rolim, J.D.P. (eds.) ICALP 2000. LNCS, vol. 1853, p. 415. Springer, Heidelberg (2000)CrossRefGoogle Scholar
  12. [HVY00]
    Honda, K., Vasconcelos, V., Yoshida, N.: Secure information flow as typed process behaviour. In: Smolka, G. (ed.) ESOP 2000. LNCS, vol. 1782, p. 180. Springer, Heidelberg (2000)CrossRefGoogle Scholar
  13. [LG88]
    Lucassen, J.M., Gifford, D.K.: Polymorphic effect systems. In: POPL (1988)Google Scholar
  14. [ML98]
    Myers, A., Liskov, B.: Complete, safe information flow with decentralized labels. In: Symposium on Security and Privacy (1998)Google Scholar
  15. [Sab01]
    Sabelfeld, A.: The impact of synchronization on secure information flow in concurrent programs. In: Andrei Ershov International Conference on Perspectives of System Informatics (2001)Google Scholar
  16. [SM02]
    Sabelfeld, A., Mantel, H.: Static confidentiality enforcement for distributed programs. In: CCL 1999. LNCS, vol. 2477 (2002)Google Scholar
  17. [SM03]
    Sabelfeld, A., Myers, A.: Language-based information-flow security. Journal on Selected Areas in Communications 21(1) (2003)Google Scholar
  18. [Smi01]
    Smith, G.: A new type system for secure information flow. In: CSFW (2001)Google Scholar
  19. [SS05]
    Sabelfeld, A., Sands, D.: Dimensions and principles of declassification. In: CSFW (2005)Google Scholar
  20. [SV98]
    Smith, G., Volpano, D.: Secure information flow in a multi-threaded imperative language. In: POPL (1998)Google Scholar
  21. [VSI96]
    Volpano, D., Smith, G., Irvine, C.: A sound type system for secure flow analysis. Journal of Computer Security 4(3) (1996)Google Scholar
  22. [ZZNM02]
    Zdancewic, S., Zheng, L., Nystrom, N., Myers, A.C.: Secure program partitioning. ACM Transactions in Computer Systems 20(3), 283–328 (2002)CrossRefGoogle Scholar

Copyright information

© Springer-Verlag Berlin Heidelberg 2005

Authors and Affiliations

  • Ana Almeida Matos
    • 1
  1. 1.INRIA Sophia Antipolis 

Personalised recommendations