DOI: 10.1145/2799979.2800012

Labelled mobile ambients model for information flow security in distributed systems

Published: 08 September 2015

Abstract

The lattice model of secure information flow (referred to as LIFS) is the foundation for building secure systems. In this paper, we capture the lattice model of security for mobility in a distributed setup using the formalism of the Mobile Ambient calculus (MA), which has been widely used to model mobility and concurrency. Our model, referred to as Labelled Mobile Ambients (LMA), assigns labels to ambients for tracking information flow in the system, and provides semantics for preserving the distributed information flow policy specified by the labels. While there exist variants of the mobile ambient calculus in the literature for modelling application-specific aspects of mandatory access control such as confidentiality and integrity, our LMA model subsumes these models by capturing confidentiality and integrity as special cases of information flow properties. Thus, the LMA model enables a wide range of applications with complex security requirements, and permits a simple static analysis to establish whether the system violates the information flow policy. A relative comparison to other prominent works is provided, highlighting the merits of our LMA.

Published In

SIN '15: Proceedings of the 8th International Conference on Security of Information and Networks
September 2015
350 pages
ISBN: 9781450334532
DOI: 10.1145/2799979
Publisher

Association for Computing Machinery

New York, NY, United States

Qualifiers

  • Research-article

Conference

SIN '15

Acceptance Rates

SIN '15 Paper Acceptance Rate 34 of 92 submissions, 37%;
Overall Acceptance Rate 102 of 289 submissions, 35%

Article Metrics

  • Total Citations: 0
  • Total Downloads: 53
  • Downloads (Last 12 months): 1
  • Downloads (Last 6 weeks): 0

Reflects downloads up to 28 Feb 2025
