
  Secure safe ambients (2001) [44 citations — 9 self]

by Michele Bugliesi
In Proc. of the 28th ACM Symposium on Principles of Programming Languages
ftp://ftp.ens.fr/pub/dmi/users/castagna/popl01.ps.gz

Abstract:

Secure Safe Ambients (SSA) are a typed variant of Safe Ambients [9], whose type system allows behavioral invariants of ambients to be expressed and verified. The most significant aspect of the type system is its ability to capture both explicit and implicit process and ambient behavior: process types account not only for immediate behavior, but also for the behavior resulting from capabilities a process acquires during its evolution in a given context. Based on that, the type system provides for static detection of security attacks such as Trojan Horses and other combinations of malicious agents. We study the type system of SSA, define algorithms for type checking and type reconstruction, define powerful languages for expressing security properties, and study a distributed version of SSA and its type system. For the latter, we show that distributed type checking ensures security even in ill-typed contexts, and discuss how it relates to the security architecture of the Java Virtual Machine.

Citations

894 The lambda calculus, its syntax and semantics – Barendregt - 1984
811 Proof-Carrying Code – Necula - 1997
663 Mobile ambients – Cardelli, Gordon
218 The Chinese Wall security policy – Brewer, Nash - 1989
146 Types for Mobile Ambients – Cardelli, Gordon - 1998
132 The Java Virtual Machine Specification. The Java Series – Lindholm, Yellin - 1997
124 Controlling Interference in Ambients – Levi, Sangiorgi - 2000
86 Seal: A framework for secure mobile computations – Vitek, Castagna
60 Inside Java 2 Platform Security – Gong - 1999
59 Ambient groups and mobility types – Cardelli, Ghelli, et al. - 2000
48 Shape analysis for mobile ambients – Nielson, Nielson - 2000
32 Secure composition of untrusted code: wrappers and causality types – Sewell, Vitek - 2000
29 Static analysis of processes for no read-up and no write-down – Bodei, Degano, et al. - 1999
16 Operating Systems – Denning, Brown - 1984