Reasoning about Security in Mobile Ambients

  • Michele Bugliesi
  • Giuseppe Castagna
  • Silvia Crafa
Conference paper
Part of the Lecture Notes in Computer Science book series (LNCS, volume 2154)


The paper gives an assessment of security for Mobile Ambients, with specific focus on mandatory access control (MAC) policies in multilevel security systems. The first part of the paper reports on different formalization attempts for MAC policies in the Ambient Calculus, and provides an in-depth analysis of the problems one encounters. As it turns out, MAC security does not appear to have fully convincing interpretations in the calculus. The second part proposes a solution to this impasse, based on a variant of Mobile Ambients. A type system for resource access control is defined, and the new calculus is discussed and illustrated with several examples of resource management policies.


Access Control Type System Mobile Agent Security Policy Security Level 
These keywords were added by machine and not by the authors. This process is experimental and the keywords may be updated as the learning algorithm improves.


Unable to display preview. Download preview PDF.

Unable to display preview. Download preview PDF.


  1. [AKPG01]
    T. Amtoft, A.J. Kfoury, and S.M. Pericas-Geertsen. What are polymorphically-typed ambients? In ESOP 2001, volume 2028 of LNCS, pages 206–220. Springer, 2001.Google Scholar
  2. [BC01]
    M. Bugliesi and G. Castagna. Secure safe ambients. In Proc. of the 28th ACM Symposium on Principles of Programming Languages, pages 222–235, London, 2001. ACM Press.Google Scholar
  3. [BCC01]
    M. Bugliesi, G. Castagna, and S. Crafa. Boxed ambients. Technical report, L.I.E.N.S., 2001. Available at
  4. [BP76]
    D.E. Bell and L. La Padula. Secure computer system: Unified exposition and multics interpretation,. Technical Report MTR-2997, MITRE Corporation, Bedford, MA. March 1976.Google Scholar
  5. [BV02]
    C. Bryce and J. Vitek. The JavaSeal mobile agent kernel. Autonomous Agents and Multi-Agent Systems, 2002. To appear.Google Scholar
  6. [Car00]
    L. Cardelli. Global computing. In IST FET Global Computing Consultation Workshop. 2000. Slides.Google Scholar
  7. [CG98]
    L. Cardelli and A. Gordon. Mobile ambients. In Proceedings of POPL’98. ACM Press, 1998.Google Scholar
  8. [CG99]
    L. Cardelli and A. Gordon. Types for mobile ambients. In Proceedings of POPL’99, pages 79–92. ACM Press, 1999.Google Scholar
  9. [CGG99]
    L. Cardelli, G. Ghelli, and A. Gordon. Mobility types for mobile ambients. In Proceedings of ICALP’99, number 1644 in LNCS, pages 230–239. Springer, 1999.Google Scholar
  10. [CGG00]
    L. Cardelli, G. Ghelli, and A. D. Gordon. Ambient groups and mobility types. In International Conference IFIP TCS, number 1872 in Lecture Notes in Computer Science, pages 333–347. Springer, August 2000.Google Scholar
  11. [CGZ01]
    G. Castagna, G. Ghelli, and F. Zappa. Typing mobility in the seal calculus. In CONCUR 2001 (12th. International Conference on Concurrency Theory), Lecture Notes in Computer Science, Aahrus, Danemark, 2001. Springer. This same volume.Google Scholar
  12. [DCS00]
    M. Dezani-Ciancaglini and I. Salvo. Security types for safe mobile ambients. In Proceedings of ASIAN’00, pages 215–236. Springer, 2000.Google Scholar
  13. [DNFP99]
    R. De Nicola, G. Ferrari, and R. Pugliese. Types as specifications of access policies. In Secure Internet Programming: Security Issues for Mobile and Distributed Objects, number 1603 in LNCS. Springer, 1999.Google Scholar
  14. [DoD85]
    US Department of Defense. Dod trusted computer system evaluation criteria, (the orange book). DOD 5200.28-STD, 1985.Google Scholar
  15. [FGL96]
    C. Fournet, G. Gonthier, J.-J. L’evy, L. Maranget, and D. R’emy. A calculus of mobile agents. In 7th International Conference on Concurrency Theory (CONCUR’96), volume 1119 of Lecture Notes in Computer Science, pages 406–421. Springer, 1996.Google Scholar
  16. [Gol99]
    D. Gollmann. Computer Security. John Wiley & Sons Ltd., 1999.Google Scholar
  17. [HR00a]
    M. Hennessy and J. Riely. Information flow vs. resource access in the asynchronous π-calculus (extended abstract). In Automata, Languages and Programming, 27th International Colloquium, volume 1853 of LNCS, pages 415–427. Springer, 2000.CrossRefGoogle Scholar
  18. [HR00b]
    M. Hennessy and J. Riely. Resource access control in systems of mobile agents. Information and Computation, 2000. To appear.Google Scholar
  19. [HR99]
    J. Riely and M. Hennessy. Trust and partial typing in open systems of mobile agents. In Proceedings of POPL’99, pages 93–104. ACM Press, 1999.Google Scholar
  20. [LR99]
    X. Leroy and F. Rouaix. Security properties of typed applets. In Secure Internet Programming-Security issues for Mobile and Distributed Objects, volume 1603 of LNCS, pages 147–182. Springer, 1999.Google Scholar
  21. [LS00]
    F. Levi and D. Sangiorgi. Controlling interference in ambients. In POPL’ 00, pages 352–364. ACM Press, 2000.Google Scholar
  22. [NN00]
    H. R. Nielson and F. Nielson. Shape analysis for mobile ambients. In POPL’00, pages 135–148. ACM Press, 2000.Google Scholar
  23. [NNHJ99]
    F. Nielson, H. Riis Nielson, R. R. Hansen, and J. G. Jensen. Validating firewalls in mobile ambients. In Proc. CONCUR’99, number 1664 in LNCS, pages 463–477. Springer, 1999.Google Scholar
  24. [SV00]
    P. Sewell and J. Vitek. Secure composition of untrusted code: Wrappers and causality types. In 13th IEEE Computer Security Foundations Workshop, 2000.Google Scholar
  25. [VC99]
    J. Vitek and G. Castagna. Seal: A framework for secure mobile computations. In Internet Programming Languages, number 1686 in LNCS. Springer, 1999.CrossRefGoogle Scholar
  26. [Zim00]
    P. Zimmer. Subtyping and typing algorithms for mobile ambients. In Proceedins of FoSSaCS’99, volume 1784 of LNCS, pages 375–390. Springer, 2000.Google Scholar

Copyright information

© Springer-Verlag Berlin Heidelberg 2001

Authors and Affiliations

  • Michele Bugliesi
    • 1
  • Giuseppe Castagna
    • 2
  • Silvia Crafa
    • 1
    • 2
  1. 1.Dipartimento di InformaticaUniv. “Ca’ Foscari”VeneziaItaly
  2. 2.D’epartement d’Informatique’Ecole Normale Sup’erieureParisFrance

Personalised recommendations