Abstract
The notion of "boundary ambient" was recently introduced to model multilevel security policies for mobile systems within the pure Mobile Ambients calculus. Information flow is defined in terms of the possibility for a confidential ambient or datum to move outside a security boundary, and such boundary crossings can be captured by a suitable Control Flow Analysis. We show that this approach can be further enhanced to infer which ambients should be "protected" in order to guarantee the absence of information leakage for a given process.
Work partially supported by MURST Projects “Interpretazione Astratta, Type Systems e Analisi Control-Flow”, and MEFISTO, and EU Contract IST-2001-32617.
Copyright information
© 2002 Springer Science+Business Media New York
Cite this chapter
Braghin, C., Cortesi, A., Focardi, R., van Bakel, S. (2002). Boundary Inference for Enforcing Security Policies in Mobile Ambients. In: Baeza-Yates, R., Montanari, U., Santoro, N. (eds) Foundations of Information Technology in the Era of Network and Mobile Computing. IFIP — The International Federation for Information Processing, vol 96. Springer, Boston, MA. https://doi.org/10.1007/978-0-387-35608-2_32
DOI: https://doi.org/10.1007/978-0-387-35608-2_32
Publisher Name: Springer, Boston, MA
Print ISBN: 978-1-4757-5275-5
Online ISBN: 978-0-387-35608-2