Abstract
Static analyses allow dangerous code to be rejected before it runs. The distinct security concerns of code providers and end users necessitate that analysis be performed, or at least confirmed, during deployment rather than development; examples of this approach include bytecode verification and proof-carrying code. The situation is more complex in multi-party distributed systems, in which the multiple web services deploying code may have their own competing interests. Applying static analysis techniques to such systems requires the ability to identify the codebase running at a remote location and to dynamically determine the static properties of a codebase associated with an identity. In this paper, we provide formal foundations for these requirements. Rather than craft special-purpose combinators to address these specific concerns, we define a reflective, higher-order applied pi calculus and apply it. We treat process abstractions as serialized program files, and thus permit the direct observation of process syntax. This leads to a semantics quite different from that of higher-order pi or applied pi.
This is a preview of subscription content, log in via an institution to check access.
Access this chapter
Tax calculation will be finalised at checkout
Purchases are for personal use only
Preview
Unable to display preview. Download preview PDF.
Similar content being viewed by others
References
Yellin, F.: Low-level security in Java. In: WWW4 Conference (1995)
Necula, G.C.: Proof-carrying code. In: Principles of Programming Languages, POPL 1997 (1997)
Riely, J., Hennessy, M.: Trust and partial typing in open systems of mobile agents. In: Principles of Programming Languages, POPL 1999 (1999)
Trusted Computing Group: TCG TPM Specification Version 1.2 (March 2006), http://www.trustedcomputinggroup.org
Brickell, E., Camenisch, J., Chen, L.: Direct anonymous attestation. In: Computer and Communications Security (CCS), pp. 132–145. ACM Press, New York (2004)
Cirillo, A., Riely, J.: Access control based on code identity for open distributed systems. In: Barthe, G., Fournet, C. (eds.) TGC 2007 and FODO 2008. LNCS, vol. 4912, pp. 169–185. Springer, Heidelberg (2008)
Sato, N., Sumii, E.: A higher-order, call-by-value applied pi-calculus. In: Hu, Z. (ed.) APLAS 2009. LNCS, vol. 5904, pp. 311–326. Springer, Heidelberg (2009)
Sangiorgi, D.: Expressing Mobility in Process Algebras: First-Order and Higher-Order Paradigms. PhD thesis, University of Edinburgh (1993)
Sangiorgi, D.: Asynchronous process calculi: the first-order and higher-order paradigms (tutorial). Theoretical Computer Science 253, 311–350 (2001)
Sangiorgi, D., Walker, D.: The π-calculus: a Theory of Mobile Processes. Cambridge University Press, Cambridge (2001)
Sun Microsystems: Java Object Serialization Specification (2005), http://java.sun.com/javase/6/docs/platform/serialization/spec/serialTOC.html
Lindholm, T., Yellin, F.: The Java Virtual Machine Specification Second Edition. Sun Microsystems (1999)
Anderson, N.: Hacking Digital Rights Management. ArsTechnica.com (July 2006), http://arstechnica.com/articles/culture/drmhacks.ars
Haack, C., Jeffrey, A.S.A.: Pattern-matching spi-calculus. In: Proc. IFIP WG 1.7 Workshop on Formal Aspects in Security and Trust (2004)
Abadi, M., Fournet, C.: Mobile values, new names, and secure communication. In: Principles of Programming Languages, POPL 2001 (2001)
Abadi, M., Gordon, A.: A calculus for cryptographic protocols: The spi calculus. Information and Computation 148, 1–70 (1999)
Abadi, M.: Secrecy by typing in security protocols. J. ACM 46(5) (1999)
Gordon, A.D., Jeffrey, A.S.A.: Authenticity by typing for security protocols. J. Computer Security 11(4) (2003)
Fournet, C., Gordon, A., Maffeis, S.: A type discipline for authorization policies. In: Sagiv, M. (ed.) ESOP 2005. LNCS, vol. 3444, pp. 141–156. Springer, Heidelberg (2005)
Gordon, A.D., Jeffrey, A.S.A.: Secrecy despite compromise: Types, cryptography, and the pi-calculus. In: Abadi, M., de Alfaro, L. (eds.) CONCUR 2005. LNCS, vol. 3653, pp. 186–201. Springer, Heidelberg (2005)
Fournet, C., Gordon, A., Maffeis, S.: A type discipline for authorization in distributed systems. CSF 00, 31–48 (2007)
Abadi, M., Cardelli, L., Pierce, B., Plotkin, G.: Dynamic typing in a statically typed language. ACM Transactions on Programming Languages and Systems 13(2), 237–268 (1991)
Alt, J., Artemov, S.: Reflective lambda-calculus. Proof Theory in Computer Science, 22–37 (2001)
Artemov, S., Bonelli, E.: The intensional lambda calculus. Logical Foundations of Computer Science, 12–25 (2007)
Maffeis, S., Abadi, M., Fournet, C., Gordon, A.D.: Code-carrying authorization. In: Jajodia, S., Lopez, J. (eds.) ESORICS 2008. LNCS, vol. 5283, pp. 563–579. Springer, Heidelberg (2008)
Author information
Authors and Affiliations
Editor information
Editors and Affiliations
Rights and permissions
Copyright information
© 2010 Springer-Verlag Berlin Heidelberg
About this paper
Cite this paper
Cirillo, A., Riely, J. (2010). Reflections on Trust: Trust Assurance by Dynamic Discovery of Static Properties. In: Degano, P., Guttman, J.D. (eds) Formal Aspects in Security and Trust. FAST 2009. Lecture Notes in Computer Science, vol 5983. Springer, Berlin, Heidelberg. https://doi.org/10.1007/978-3-642-12459-4_5
Download citation
DOI: https://doi.org/10.1007/978-3-642-12459-4_5
Publisher Name: Springer, Berlin, Heidelberg
Print ISBN: 978-3-642-12458-7
Online ISBN: 978-3-642-12459-4
eBook Packages: Computer ScienceComputer Science (R0)