Flow Policy Awareness for Distributed Mobile Code

  • Conference paper
CONCUR 2009 - Concurrency Theory (CONCUR 2009)

Part of the book series: Lecture Notes in Computer Science (LNTCS, volume 5710)

Abstract

In the context of global computing, information flow security must deal with the decentralized nature of security policies. This issue is particularly challenging when programs are given the flexibility to perform declassifying instructions. We point out potential unwanted behaviors that can arise in a context where such programs can migrate between computation domains with different security policies. We propose programming language techniques for tackling such unwanted behaviors, and prove soundness of those techniques at the global computation level.

Copyright information

© 2009 Springer-Verlag Berlin Heidelberg

About this paper

Cite this paper

Almeida Matos, A. (2009). Flow Policy Awareness for Distributed Mobile Code. In: Bravetti, M., Zavattaro, G. (eds) CONCUR 2009 - Concurrency Theory. CONCUR 2009. Lecture Notes in Computer Science, vol 5710. Springer, Berlin, Heidelberg. https://doi.org/10.1007/978-3-642-04081-8_5

  • DOI: https://doi.org/10.1007/978-3-642-04081-8_5

  • Publisher Name: Springer, Berlin, Heidelberg

  • Print ISBN: 978-3-642-04080-1

  • Online ISBN: 978-3-642-04081-8

  • eBook Packages: Computer Science (R0)
