Flow Policy Awareness for Distributed Mobile Code

  • Ana Almeida Matos
Part of the Lecture Notes in Computer Science book series (LNCS, volume 5710)


In the context of global computing, information flow security must deal with the decentralized nature of security policies. This issue is particularly challenging when programs are given the flexibility to perform declassifying instructions. We point out potential unwanted behaviors that can arise in a context where such programs can migrate between computation domains with different security policies. We propose programming language techniques for tackling such unwanted behaviors, and prove soundness of those techniques at the global computation level.


Type System Security Policy Security Level Operational Semantic Evaluation Context 
These keywords were added by machine and not by the authors. This process is experimental and the keywords may be updated as the learning algorithm improves.


Unable to display preview. Download preview PDF.

Unable to display preview. Download preview PDF.


  1. 1.
    Almeida Matos, A.: Typing Secure Information Flow: Declassification and Mobility. PhD thesis, École Nationale Supérieure des Mines de Paris (2006)Google Scholar
  2. 2.
    Almeida Matos, A.: Flow policy awareness for distributed mobile code (proofs). Technical report, Instituto Superior Técnico de Lisboa (2008)Google Scholar
  3. 3.
    Almeida Matos, A., Boudol, G.: On declassification and the non-disclosure policy. In: 18th IEEE Computer Security Foundations Workshop, pp. 226–240. IEEE Computer Society, Los Alamitos (2005)CrossRefGoogle Scholar
  4. 4.
    Boudol, G.: A generic membrane model. In: Priami, C., Quaglia, P. (eds.) GC 2004. LNCS, vol. 3267, pp. 208–222. Springer, Heidelberg (2005)CrossRefGoogle Scholar
  5. 5.
    Boudol, G., Castellani, I.: Noninterference for concurrent programs and thread systems. Theoretical Computer Science 281(1-2), 109–130 (2002)MathSciNetCrossRefMATHGoogle Scholar
  6. 6.
    Boudol, G., Kolundzija, M.: Access Control and Declassification. In: Computer Network Security. CCIS, vol. 1, pp. 85–98. Springer, Heidelberg (2007)CrossRefGoogle Scholar
  7. 7.
    Crafa, S., Bugliesi, M., Castagna, G.: Information flow security for boxed ambients. In: Sassone, V. (ed.) Workshop on Foundations of Wide Area Network Computing. ENTCS, vol. 66, pp. 76–97. Elsevier, Amsterdam (2002)Google Scholar
  8. 8.
    Denning, D.E.: A lattice model of secure information flow. Communications of the ACM 19(5), 236–243 (1976)MathSciNetCrossRefMATHGoogle Scholar
  9. 9.
    Goguen, J.A., Meseguer, J.: Security policies and security models. In: 1982 IEEE Symp. on Security and Privacy, pp. 11–20. IEEE Computer Society, Los Alamitos (1982)Google Scholar
  10. 10.
    Gorla, D., Hennessy, M., Sassone, V.: Security policies as membranes in systems for global computing. In: Foundations of Global Ubiquitous Computing, FGUC 2004. ENTCS, pp. 23–42. Elsevier, Amsterdam (2005)Google Scholar
  11. 11.
    Hicks, M., Tse, S., Hicks, B., Zdancewic, S.: Dynamic updating of information-flow policies. In: Workshop on Foundations of Comp. Security, pp. 7–18 (2005)Google Scholar
  12. 12.
    Lucassen, J.M., Gifford, D.K.: Polymorphic effect systems. In: 15th ACM Symp. on Principles of Programming Languages, pp. 47–57. ACM Press, New York (1988)Google Scholar
  13. 13.
    Mantel, H., Sabelfeld, A.: A unifying approach to the security of distributed and multi-threaded programs. Journal of Computer Security 11(4), 615–676 (2003)CrossRefGoogle Scholar
  14. 14.
    Martins, F., Vasconcelos, V.T.: History-based access control for distributed processes. In: De Nicola, R., Sangiorgi, D. (eds.) TGC 2005. LNCS, vol. 3705, pp. 98–115. Springer, Heidelberg (2005)CrossRefGoogle Scholar
  15. 15.
    Necula, G.C.: Proof-carrying code. In: Proceedings of the 24th ACM Symposium on Principles of Programming Languages, pp. 106–119. ACM, New York (1997)Google Scholar
  16. 16.
    Sabelfeld, A., Myers, A.C.: Language-based information-flow security. IEEE Journal on Selected Areas in Communications 21(1), 5–19 (2003)CrossRefGoogle Scholar
  17. 17.
    Sabelfeld, A., Sands, D.: Declassification: Dimensions and principles. Journal of Computer Security (2007) (to appear)Google Scholar
  18. 18.
    Tse, S., Zdancewic, S.: Run-time principals in information-flow type systems. In: IEEE 2004 Symposium on Security and Privacy, pp. 179–193. IEEE Computer Society Press, Los Alamitos (2004)CrossRefGoogle Scholar
  19. 19.
    Zdancewic, S.: Challenges for information-flow security. In: 1st International Workshop on the Programming Language Interference and Dependence (2004)Google Scholar
  20. 20.
    Zdancewic, S., Zheng, L., Nystrom, N., Myers, A.: Secure program partitioning. ACM Transactions on Computer Systems 20(3), 283–328 (2002)CrossRefGoogle Scholar
  21. 21.
    Zheng, L., Myers, A.: Dynamic security labels and noninterference. In: Proc. 2nd Workshop on Formal Aspects in Security and Trust, pp. 27–40. Springer, Heidelberg (2004)Google Scholar

Copyright information

© Springer-Verlag Berlin Heidelberg 2009

Authors and Affiliations

  • Ana Almeida Matos
    • 1
  1. 1.SQIG-Instituto de Telecomunicações and Instituto Superior Técnico de LisboaPortugal

Personalised recommendations