
Analysing the Information Flow Properties of Object-Capability Patterns

Conference paper. Formal Aspects in Security and Trust (FAST 2009)

Part of the book series: Lecture Notes in Computer Science (LNCS, volume 5983)

Abstract

We consider the problem of detecting covert channels within security-enforcing object-capability patterns. Traditional formalisms for reasoning about the security properties of object-capability patterns require one to be aware, a priori, of all possible mechanisms for covert information flow that might be present within a pattern, in order to detect covert channels within it. We show how the CSP process algebra, and its model-checker FDR, can be applied to overcome this limitation.




Copyright information

© 2010 Springer-Verlag Berlin Heidelberg

Cite this paper

Murray, T., Lowe, G. (2010). Analysing the Information Flow Properties of Object-Capability Patterns. In: Degano, P., Guttman, J.D. (eds) Formal Aspects in Security and Trust. FAST 2009. Lecture Notes in Computer Science, vol 5983. Springer, Berlin, Heidelberg. https://doi.org/10.1007/978-3-642-12459-4_7


  • DOI: https://doi.org/10.1007/978-3-642-12459-4_7

  • Publisher Name: Springer, Berlin, Heidelberg

  • Print ISBN: 978-3-642-12458-7

  • Online ISBN: 978-3-642-12459-4
