This paper addresses the issue of confidentiality and declassification for global computing in a language-based security perspective. The purpose is to deal with new forms of security leaks, which we call migration leaks, introduced by code mobility. We present a generalization of the non-disclosure policy [AB05] to networks, and a type and effect system for enforcing it. We consider an imperative higher-order lambda-calculus with concurrent threads and a flow declaration construct, enriched with a notion of domain and a standard migration primitive.


Type System Security Policy Security Level Information Leak Mobile Code 
These keywords were added by machine and not by the authors. This process is experimental and the keywords may be updated as the learning algorithm improves.


Unable to display preview. Download preview PDF.

Unable to display preview. Download preview PDF.


  1. [AB05]
    Almeida Matos, A., Boudol, G.: On declassification and the nondisclosure policy. In: CSFW (2005)Google Scholar
  2. [ABC04]
    Almeida Matos, A., Boudol, G., Castellani, I.: Typing noninterference for reactive programs. In: FCS. TUCS General Publications, vol. 31 (2004)Google Scholar
  3. [BC02]
    Boudol, G., Castellani, I.: Noninterference for concurrent programs and thread systems. Theoretical Computer Science 281(1), 109–130 (2002)zbMATHCrossRefMathSciNetGoogle Scholar
  4. [BCC01]
    Bugliesi, M., Castagna, G., Crafa, S.: Boxed ambients. In: Kobayashi, N., Pierce, B.C. (eds.) TACS 2001. LNCS, vol. 2215, p. 38. Springer, Heidelberg (2001)CrossRefGoogle Scholar
  5. [BCGL02]
    Boudol, G., Castellani, I., Germain, F., Lacoste, M.: Analysis of formal models of distribution and mobility: state of the art. Mikado D1.1.1 (2002)Google Scholar
  6. [Bou04]
    Boudol, G.: ULM, a core programming model for global computing. In: Schmidt, D. (ed.) ESOP 2004. LNCS, vol. 2986, pp. 234–248. Springer, Heidelberg (2004)CrossRefGoogle Scholar
  7. [Bou05]
    Boudol, G.: On typing information flow. In: Van Hung, D., Wirsing, M. (eds.) ICTAC 2005. LNCS, vol. 3722, pp. 366–380. Springer, Heidelberg (2005)CrossRefGoogle Scholar
  8. [CBC02]
    Crafa, S., Bugliesi, M., Castagna, G.: Information flow security for boxed ambients. In: F-WAN. ENTCS, vol. 66(3) (2002)Google Scholar
  9. [Den76]
    Denning, D.E.: A lattice model of secure information flow. Communications of the ACM 19(5), 236–243 (1976)zbMATHCrossRefMathSciNetGoogle Scholar
  10. [GM82]
    Goguen, J.A., Meseguer, J.: Security policies and security models. In: Symposium on Security and Privacy (1982)Google Scholar
  11. [HR00]
    Hennessy, M., Riely, J.: Information flow vs resource access in the asynchronous pi-calculus. In: Welzl, E., Montanari, U., Rolim, J.D.P. (eds.) ICALP 2000. LNCS, vol. 1853, p. 415. Springer, Heidelberg (2000)CrossRefGoogle Scholar
  12. [HVY00]
    Honda, K., Vasconcelos, V., Yoshida, N.: Secure information flow as typed process behaviour. In: Smolka, G. (ed.) ESOP 2000. LNCS, vol. 1782, p. 180. Springer, Heidelberg (2000)CrossRefGoogle Scholar
  13. [LG88]
    Lucassen, J.M., Gifford, D.K.: Polymorphic effect systems. In: POPL (1988)Google Scholar
  14. [ML98]
    Myers, A., Liskov, B.: Complete, safe information flow with decentralized labels. In: Symposium on Security and Privacy (1998)Google Scholar
  15. [Sab01]
    Sabelfeld, A.: The impact of synchronization on secure information flow in concurrent programs. In: Andrei Ershov International Conference on Perspectives of System Informatics (2001)Google Scholar
  16. [SM02]
    Sabelfeld, A., Mantel, H.: Static confidentiality enforcement for distributed programs. In: CCL 1999. LNCS, vol. 2477 (2002)Google Scholar
  17. [SM03]
    Sabelfeld, A., Myers, A.: Language-based information-flow security. Journal on Selected Areas in Communications 21(1) (2003)Google Scholar
  18. [Smi01]
    Smith, G.: A new type system for secure information flow. In: CSFW (2001)Google Scholar
  19. [SS05]
    Sabelfeld, A., Sands, D.: Dimensions and principles of declassification. In: CSFW (2005)Google Scholar
  20. [SV98]
    Smith, G., Volpano, D.: Secure information flow in a multi-threaded imperative language. In: POPL (1998)Google Scholar
  21. [VSI96]
    Volpano, D., Smith, G., Irvine, C.: A sound type system for secure flow analysis. Journal of Computer Security 4(3) (1996)Google Scholar
  22. [ZZNM02]
    Zdancewic, S., Zheng, L., Nystrom, N., Myers, A.C.: Secure program partitioning. ACM Transactions in Computer Systems 20(3), 283–328 (2002)CrossRefGoogle Scholar

Copyright information

© Springer-Verlag Berlin Heidelberg 2005

Authors and Affiliations

  • Ana Almeida Matos
    • 1
  1. 1.INRIA Sophia Antipolis 

Personalised recommendations