
Security for Mobility

  • Hanne Riis Nielson
  • Flemming Nielson
  • Mikael Buchholtz
Part of the Lecture Notes in Computer Science book series (LNCS, volume 2946)

Abstract

We show how to use static analysis to provide information about security issues related to mobility. First the syntax and semantics of Mobile Ambients is reviewed and we show how to obtain a so-called 0CFA analysis that can be implemented in polynomial time. Next we consider discretionary access control, for which we devise Discretionary Ambients, based on Safe Ambients, and adapt the semantics and the 0CFA analysis; to strengthen the analysis we incorporate context-sensitivity and obtain a 1CFA analysis. This paves the way for dealing with mandatory access control, where we express both a Bell-LaPadula model for confidentiality and a Biba model for integrity. Finally, we use Boxed Ambients as a means for expressing cryptographic key exchange protocols and adapt the operational semantics and the 0CFA analysis accordingly.

Keywords

Access Control, Type System, Analysis Estimate, Subject Reduction, Moore Family

These keywords were added by machine and not by the authors. This process is experimental and the keywords may be updated as the learning algorithm improves.



Copyright information

© Springer-Verlag Berlin Heidelberg 2004

Authors and Affiliations

  • Hanne Riis Nielson (1)
  • Flemming Nielson (1)
  • Mikael Buchholtz (1)

  1. Informatics and Mathematical Modelling, Technical University of Denmark, Lyngby, Denmark
