Reasoning about Security in Mobile Ambients

  • Conference paper
CONCUR 2001 — Concurrency Theory (CONCUR 2001)

Part of the book series: Lecture Notes in Computer Science (LNCS, volume 2154)

Abstract

The paper gives an assessment of security for Mobile Ambients, with specific focus on mandatory access control (MAC) policies in multilevel security systems. The first part of the paper reports on different formalization attempts for MAC policies in the Ambient Calculus, and provides an in-depth analysis of the problems one encounters. As it turns out, MAC security does not appear to have fully convincing interpretations in the calculus. The second part proposes a solution to this impasse, based on a variant of Mobile Ambients. A type system for resource access control is defined, and the new calculus is discussed and illustrated with several examples of resource management policies.

Work partially supported by MURST Project 9901403824003, by CNRS Program Telecommunications: “Collaborative, distributed, and secure programming for Internet”, and by Galileo Action n. 02841UD.

Copyright information

© 2001 Springer-Verlag Berlin Heidelberg

About this paper

Cite this paper

Bugliesi, M., Castagna, G., Crafa, S. (2001). Reasoning about Security in Mobile Ambients. In: Larsen, K.G., Nielsen, M. (eds) CONCUR 2001 — Concurrency Theory. CONCUR 2001. Lecture Notes in Computer Science, vol 2154. Springer, Berlin, Heidelberg. https://doi.org/10.1007/3-540-44685-0_8

  • DOI: https://doi.org/10.1007/3-540-44685-0_8

  • Publisher Name: Springer, Berlin, Heidelberg

  • Print ISBN: 978-3-540-42497-0

  • Online ISBN: 978-3-540-44685-9

  • eBook Packages: Springer Book Archive
