| P. Sewell and J. Vitek. Secure composition of insecure components. In Proceedings of the 12th IEEE Computer Security Foundations Workshop, pages 136-150. IEEE, 1999. Extended version as University of Cambridge TR 463, 1999. |
....guarantee that the code will behave in an expected way. Different static checking mechanisms have been suggested to address specific security properties of programs: a security sensitive type system [5], wrappers which encapsulate untrusted programs and implement security concerned properties [7], and so on. They give the users better facilities to address security properties than typical type checking does, but they still suffer from a lack of expressiveness since their security or linking policies are fixed and encoded in their type or logic systems. This material is based upon work ....
Sewell and Vitek. Secure composition of insecure components. In PCSFW: Proceedings of The 12th Computer Security Foundations Workshop, 1999.
....introduce hooks into the program, either at compile time or load time, in order to reify runtime events, mostly method invocation. They do not require any modification to the VM, which explains why some low level events cannot be reified. 2.3 Component Based Architecture and MOPs As observed in [27], monolithic programs are now being gradually replaced with programs that are made up of a number of components, originating from various sources and with various levels of trust, plus some .... [Footnotes: 2 formerly known as MetaJava. 3 By type here we mean primitive types, arrays, classes, and interfaces.]
Peter Sewell and Jan Vitek. Secure composition of insecure components. In Proceedings of the Computer Security Foundations Workshop, CSFW-12, 1999.
....has gone into the study of mobile computation and programming languages that support it. On the theoretical side of this research, several concurrent and distributed calculi have been proposed, such as the Distributed Join Calculus [FGL 96], the Dπ Calculus [RH98, RH99], the Box Pi Calculus [SV99], the Seal Calculus [VC99], among others.¹ The Ambient Calculus (henceforth, AC) is a recent addition to this list and the starting point of our investigation. Our long term interest is the design and implementation of a strongly typed programming language for mobile computation. Part of ....
P. Sewell and J. Vitek. Secure composition of insecure components. In 12th IEEE Computer Security Foundations Workshop (CSFW-12), Mordano, Italy, June 1999.
....x#y# (c x(z) b) # (x#y# x(z) b) c y z b c . The ease with which reaction rules are defined in this style facilitated an outpouring of new process calculi for modelling encrypted communication [AG97], secure encapsulation [SV99], agent migration [CG98, Sew98, FGL 96], and so on. Each isolates a computational phenomenon and presents it via a reaction rule together with a structural congruence over some syntax. Here are two examples of reaction rules: In Cardelli and Gordon's ambient calculus, one ambient may move ....
P. Sewell and J. Vitek. Secure compositions of insecure components. In Proc. 12th Computer Security Foundations Workshop. IEEE Press, June 1999. {7}
....and then to send the message to this location in another step. An alternate approach would simply consist in sending a message on a dynamic name that is not defined locally to the parent location, which would then deal with the message (this second incremental approach is similar to [6] and [19]). The two semantics yield two different behaviors but, surprisingly enough, the type system presented in this paper is also sound for the second system. The primary goal of [1] is to guarantee receptiveness of channel names and deadlock freedom in a calculus with localities. The receptiveness ....
....if it was not given the capability to do so. In the local area calculus [7] localities form a fixed hierarchy of levels that do not migrate. Channels have a level of operation, meaning that no communication on such a channel may cross the boundary of a higher level area. In the box calculus [19], localities also form a fixed hierarchy, and communication may cross only one locality boundary at a time. This calculus aims at controlling the flow of information between localities. The higher order calculus of [21] also deals with access control, by explicitly specifying for each input which ....
P. Sewell and J. Vitek. Secure composition of insecure components. In Proceedings of CSFW 99: The 12th IEEE Computer Security Foundations Workshop (Mordano, Italy), pages 136-150. IEEE Computer Society, June 1999.
....Each channel belongs to one and only one seal. Some syntactic constructs allow the owner of a channel to regulate remote accesses to it and, thus, to control both remote communication and mobility.³ ... between the current seal and the parent seal and that actions on it will synchronize with processes in the parent, and finally the shared channel x z admits interactions between the current seal and a child seal named z. These interactions are expressed by the first three rules in Figure 1. .... [Footnote 3: A similar solution was independently proposed for a calculus without agent mobility in [17].]
P. Sewell and J. Vitek. Secure composition of insecure components. In 12th IEEE Computer Security Foundations Workshop, 1999.
....has gone into the study of mobile computation and programming languages that support it. On the theoretical side of this research, several concurrent and distributed calculi have been proposed, such as the Distributed Join Calculus [FGL 96], the Dπ Calculus [RH98, RH99], the Box Pi Calculus [SV99], the Seal Calculus [VC99], among others.¹ The Ambient Calculus [Car99] is a recent addition to this list and the starting point of our investigation. Our main interest is the design of a strongly typed programming language for mobile computation. Part of this effort is an examination of the ....
P. Sewell and J. Vitek. Secure composition of insecure components. In 12th IEEE Computer Security Foundations Workshop (CSFW-12), Mordano, Italy, June 1999.
....if it was not given the capability to do so. In the local area calculus [7] localities form a fixed hierarchy of levels that do not migrate. Channels have a level of operation, meaning that no communication on such a channel may cross the boundary of a higher level area. In the box calculus [16], localities also form a fixed hierarchy, and communication may cross only one locality boundary at a time. The goal of this work is to control the flow of information between the localities. The higher order calculus of [17] also deals with access control, by explicitly specifying for each input ....
P. Sewell and J. Vitek. Secure composition of insecure components. In Proceedings of CSFW 99: The 12th IEEE Computer Security Foundations Workshop (Mordano, Italy), pages 136-150. IEEE Computer Society, June 1999.
....has gone into the study of mobile computation and programming languages that support it. On the theoretical side of this research, several concurrent and distributed calculi have been proposed, such as the Distributed Join Calculus [FGL 96], the Dπ Calculus [RH98, RH99], the Box Pi Calculus [SV99], the Seal Calculus [VC99], among others.¹ The Ambient Calculus (henceforth, AC) is a recent addition to this list and the starting point of our investigation. Our long term interest is the design and implementation of a strongly typed programming language for mobile computation. Part of this ....
P. Sewell and J. Vitek. Secure composition of insecure components. In 12th IEEE Computer Security Foundations Workshop (CSFW-12), Mordano, Italy, June 1999.
....has gone into the study of mobile computation and programming languages that support it. On the theoretical side of this research, several concurrent and distributed calculi have been proposed, such as the Distributed Join Calculus [FGL 96], the Dπ Calculus [RH98, RH99], the Box Pi Calculus [SV99], the Seal Calculus [VC99], among others.¹ The Ambient Calculus (henceforth, AC) is a recent addition to this list and the starting point of our investigation. Our long term interest is the design and implementation of a strongly typed programming language for mobile computation. Part of this ....
P. Sewell and J. Vitek. Secure composition of insecure components. In 12th IEEE Computer Security Foundations Workshop (CSFW-12), Mordano, Italy, June 1999.
P. Sewell and J. Vitek. Secure composition of insecure components. In Proceedings of the 12th IEEE Computer Security Foundations Workshop (CSFW-12), Mordano, Italy, June 1999.
P. Sewell and J. Vitek. Secure composition of insecure components. Technical Report 463, Computer Laboratory, University of Cambridge, Apr. 1999.
.... ( x)n[x z] in which a new bound name enters a box boundary. The two semantics coincide in the following sense. Theorem 1 If fn(P) A then A P Q iff P Q. This gives confidence that the labelled semantics carries enough information. The proof is somewhat delicate; it is sketched in [29] and given in detail in [28]. 3 A Filtering Example To demonstrate the use of box we give the definition of a wrapper that restricts the interface for user programs. In most operating systems, programs installed and run by a user enjoy the same access rights as the user, so if the user is ....
Peter Sewell and Jan Vitek. Secure composition of insecure components. Trusted objects, Centre Universitaire d'Informatique, University of Geneva, July 1999. Also available as University of Cambridge TR 463.
....the user to typecheck, our type system must admit programs with badly typed subcomponents. Expressing wrappers requires a language for composing concurrently executing components, including primitives for encapsulating components and controlling their interactions. We use the box calculus of [28], recapitulated in Sections 2 and 3. Box is a minimal extension of the π-calculus with encapsulation; it is sufficiently expressive for components and wrappers while retaining the simplicity and tractable semantics needed for proving properties. Moreover Pict [22] demonstrates how to build a real ....
....2 omitting all transition subscripts, occurrences of C : and occurrences of C . We write A; x for A ∪ {x} where x is assumed not to be in A, and A; p for the union of A and the names occurring in the pattern p, where these are assumed disjoint. The labelled semantics is explained further in [28]. It is similar to a standard semantics but must also deal with boxes and with reductions such as ( x)x z) | n[0] x)n[x z] in which a new bound name enters a box boundary. The two semantics coincide in the following sense. Theorem 1 If fn(P) A then A P Q iff P Q. This ....
Peter Sewell and Jan Vitek. Secure composition of insecure components. In Proceedings of the 12th IEEE Computer Security Foundations Workshop (CSFW-12), Mordano, Italy, June 1999.
....of mobile programs. In fact, a related project is investigating formal proof techniques for agent systems [35, 34]. This project has defined a formal semantics of JavaSeal as a process calculus and has been able to validate some security properties, for example confinement by formal proofs [34, 31]. We begin by clarifying our use of terminology. A mobile agent platform is an execution environment for mobile agents. A platform is located on a single network node; several platforms connected by a communication infrastructure form a mobile agent network. A mobile agent is a program, in our ....
P. Sewell and J. Vitek. Secure composition of insecure components. In IEEE Computer Security Foundations Workshop (CSFW12), Mordano, Italy, June 1999.
P. Sewell and J. Vitek. Secure composition of insecure components. In Proceedings of the 12th IEEE Computer Security Foundations Workshop, pages 136-150. IEEE, 1999. Extended version as University of Cambridge TR 463, 1999.
Peter Sewell and Jan Vitek. Secure composition of insecure components. In 12th IEEE Computer Security Foundations Workshop (CSFW-12), Mordano, Italy, June 1999.
P. Sewell and J. Vitek. Secure compositions of insecure components. In Proc. 12th Computer Security Foundations Workshop. IEEE Press, June 1999.
P. Sewell and J. Vitek. Secure composition of insecure components. In 12th IEEE Computer Security Foundations Workshop (CSFW-12), Mordano, Italy, June 1999.
P. Sewell and J. Vitek. Secure composition of insecure components. In Proceedings of the 12th IEEE Computer Security Foundations Workshop, 1999.
P. Sewell and J. Vitek. Secure composition of insecure components. In Proceedings of CSFW 99 (Mordano, Italy), June 1999.
P. Sewell and J. Vitek. Secure composition of insecure components. In 12th IEEE Computer Security Foundations Workshop (CSFW-12), Mordano, Italy, June 1999.
P. Sewell and J. Vitek. Secure composition of insecure components. In 12th IEEE Computer Security Foundations Workshop, 1999.
Peter Sewell and Jan Vitek. Secure composition of insecure components. In Proceedings of CSFW 99: The 12th IEEE Computer Security Foundations Workshop (Mordano, Italy), pages 136-150. IEEE Computer Society, June 1999.