Abstract
We show how to use static analysis to provide information about security issues related to mobility. First, the syntax and semantics of Mobile Ambients are reviewed, and we show how to obtain a so-called 0CFA analysis that can be implemented in polynomial time. Next, we consider discretionary access control: we devise Discretionary Ambients, based on Safe Ambients, and adapt the semantics and the 0CFA analysis; to strengthen the analysis we incorporate context-sensitivity to obtain a 1CFA analysis. This paves the way for dealing with mandatory access control, where we express both a Bell-LaPadula model for confidentiality and a Biba model for integrity. Finally, we use Boxed Ambients as a means of expressing cryptographic key exchange protocols and adapt the operational semantics and the 0CFA analysis accordingly.
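To make the abstract's first step concrete, the following is an added worked example (not code from the chapter or its authors) of a 0CFA-style control flow analysis for the core Mobile Ambients calculus, in the spirit of the Nielson et al. firewall-validation line of work. It records which ambients may end up directly inside which other ambients (relation I) and which capabilities may occur inside which ambient (relation H), then closes these relations under abstract versions of the in, out and open reduction rules until a fixed point is reached. The process encoding, the distinguished top-level name ENV, and the sample processes CONFINED and ESCAPE are all assumptions made for this example; names are treated as stable (no alpha-renaming), so restriction is not modelled. Because the relations are subsets of Names x Names and Names x Capabilities, the closure terminates after polynomially many additions, which is the polynomial-time bound the abstract refers to.

```python
"""
0CFA-style analysis for a subset of Mobile Ambients (added example, hypothetical encoding).

Processes are nested tuples:
  ('zero',)           inactive process 0
  ('par', P, Q)       parallel composition P | Q
  ('amb', n, P)       ambient n[P]
  ('in', m, P)        capability in m. P
  ('out', m, P)       capability out m. P
  ('open', m, P)      capability open m. P
  ('rep', P)          replication !P

The analysis computes an over-approximation of all reachable configurations:
  I : set of (a, b)    -- ambient b may occur directly inside ambient a
  H : set of (a, cap)  -- capability cap may occur directly inside ambient a
Names are assumed stable (no alpha-renaming); ENV is the top-level environment.
"""

ENV = "env"  # assumed name for the outermost context


def collect(proc, parent, I, H):
    """Syntax-directed part: record what literally occurs inside which ambient."""
    kind = proc[0]
    if kind == "zero":
        return
    if kind == "par":
        collect(proc[1], parent, I, H)
        collect(proc[2], parent, I, H)
    elif kind == "rep":
        collect(proc[1], parent, I, H)
    elif kind == "amb":
        _, name, body = proc
        I.add((parent, name))
        collect(body, name, I, H)
    elif kind in ("in", "out", "open"):
        _, target, cont = proc
        H.add((parent, (kind, target)))
        # flow-insensitive: the continuation may later run in the same ambient
        collect(cont, parent, I, H)
    else:
        raise ValueError(f"unknown process form: {kind}")


def close(I, H):
    """Closure: apply abstract reduction rules until no new facts appear."""
    changed = True
    while changed:
        changed = False
        for a, (cap, m) in list(H):
            if cap == "in":
                # g[ a[in m. P | Q] | m[R] ]  ->  g[ m[ a[P | Q] | R ] ]
                for g, x in list(I):
                    if x == a and (g, m) in I and (m, a) not in I:
                        I.add((m, a))
                        changed = True
            elif cap == "out":
                # g[ m[ a[out m. P | Q] | R ] ]  ->  g[ a[P | Q] | m[R] ]
                for g, x in list(I):
                    if x == m and (m, a) in I and (g, a) not in I:
                        I.add((g, a))
                        changed = True
            elif cap == "open":
                # a[ open m. P | m[Q] ]  ->  a[ P | Q ] : m's contents and
                # capabilities spill into a
                if (a, m) in I:
                    for x, y in list(I):
                        if x == m and (a, y) not in I:
                            I.add((a, y))
                            changed = True
                    for x, c in list(H):
                        if x == m and (a, c) not in H:
                            H.add((a, c))
                            changed = True
    return I, H


def analyse(proc):
    """Return the 0CFA estimate (I, H) for a closed process placed in ENV."""
    I, H = set(), set()
    collect(proc, ENV, I, H)
    return close(I, H)


def may_contain(proc, container, name):
    """True if the analysis cannot rule out `name` sitting directly inside `container`."""
    I, _ = analyse(proc)
    return (container, name) in I


ZERO = ("zero",)

# Constructed sample 1: a document with no capabilities and a courier that enters it.
CONFINED = ("amb", "lab", ("par",
            ("amb", "doc", ZERO),
            ("amb", "courier", ("in", "doc", ZERO))))

# Constructed sample 2: the document opens a package carrying an 'out lab' capability,
# so after the open it can leave the lab even though it had no such capability itself.
ESCAPE = ("amb", "lab",
          ("amb", "doc", ("par",
              ("open", "pkg", ZERO),
              ("amb", "pkg", ("out", "lab", ZERO)))))

if __name__ == "__main__":
    for label, p in (("CONFINED", CONFINED), ("ESCAPE", ESCAPE)):
        print(label, "doc may reach env:", may_contain(p, ENV, "doc"))
```

The confinement question "can doc ever appear outside lab?" is answered by asking whether (env, doc) is in I; for CONFINED it is not, so the property is verified, while for ESCAPE the analysis derives it through the open rule followed by the out rule, mirroring the two concrete reduction steps.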
© 2004 Springer-Verlag Berlin Heidelberg
Cite this paper
Nielson, H.R., Nielson, F., Buchholtz, M. (2004). Security for Mobility. In: Focardi, R., Gorrieri, R. (eds) Foundations of Security Analysis and Design II. FOSAD 2001. Lecture Notes in Computer Science, vol 2946. Springer, Berlin, Heidelberg. https://doi.org/10.1007/978-3-540-24631-2_6
DOI: https://doi.org/10.1007/978-3-540-24631-2_6
Publisher Name: Springer, Berlin, Heidelberg
Print ISBN: 978-3-540-20955-3
Online ISBN: 978-3-540-24631-2