C. Bodei, P. Degano, F. Nielson, and H.R.Nielson. Static Analysis of Processes for No Read-Up and No-Write-Down. In Proc. FoSSaCS'99, volume 1578 of Lecture Notes in Computer Science, pages 120--134, Springer-Verlag, 1999.
....ow properties and it would be quite interesting to compare our approach with existing ones, in order to study possible relations and understand the relative merits. Among static analysis, there are some papers about types (see, e.g. [28, 25, 13, 5]) and control flow analysis (see, e.g. [2, 6]). Another typical approach to bypass the state explosion problem is to study compositional properties. Indeed, if a property is preserved when secure systems are composed, then the analysis may be performed on (sequential) subsystems and, in case of success, the system as a whole can be ....
C. Bodei, P. Degano, F. Nielson, and H. Nielson. Static Analysis of Processes for No Read-Up and No Write-Down. In Proc. FoSSaCS'99, volume 1578 of LNCS, pages 120-134. Springer-Verlag, 1999.
....These indirect ways of transmitting information are called covert channels. Figure 1 summarizes this policy. [Fig. 1. Multilevel Security Policy.] In order to detect information leakages, a typical approach (see, e.g. [4 9]) consists in directly defining what is an information flow from one level to another one. Then, it is sufficient to verify that, in any system execution, no information flow is possible from level high to level low. This is the approach we follow in this paper. The scenario. We will consider ....
Chiara Bodei, Pierpaolo Degano, Flemming Nielson, and Hanne Riis Nielson. Static Analysis of Processes for No Read-Up and No Write-Down. In Proc. FoSSaCS'99, number 1578 in Lecture Notes in Computer Science, pages 120--134. Springer-Verlag, 1999.
....of transmitting information are called covert channels. Figure 1 summarizes this policy. [Fig. 1. Multilevel Security Policy.] In order to detect both direct and indirect information leakages, a typical approach (see, e.g. [2,6 8,10,11]) consists in directly defining what is an information flow from one level to another one. Then, it is sufficient to verify that, in any system execution, no information flow is possible from level high to level low. This is the approach we follow in this paper. We will consider information flow ....
C. Bodei, P. Degano, F. Nielson, and H.R.Nielson. Static Analysis of Processes for No Read-Up and No-Write-Down. In Proc. FoSSaCS'99, volume 1578 of Lecture Notes in Computer Science, pages 120--134, Springer-Verlag, 1999.
....ControlFlow , and MEFISTO, and EU Contract IST 2001 32617. Read Up, a low level entity cannot access information of a high level entity; ii)No Write Down, a high level entity cannot leak information to a low level entity. In order to detect information leakages, a typical approach (see, e.g. [2, 8, 9, 10, 12, 13]) consists in directly defining what is an information flow from one level to another one. Then it is sufficient to verify that, in any system execution, no flow of information is possible from level high to level low. This is the approach we follow also in this paper. To model information flow ....
C. Bodei, P. Degano, F. Nielson, and H.R.Nielson. Static Analysis of Processes for No Read-Up and No-Write-Down. In Proc. FoSSaCS'99, volume 1578 of Lecture Notes in Computer Science, pages 120--134, Springer-Verlag, 1999.
....transmitting information are called covert channels. Figure 1 summarizes this policy. [Fig. 1. Multilevel Security Policy.] In order to detect both direct and indirect information leakages, a typical approach (see, e.g. [2,5 7,9,10]) consists in directly defining what is an information flow from one level to another one. Then, it is sufficient to verify that, in any system execution, no information flow is possible from level high to level low. This is the approach we follow in this paper. The scenario. We will consider ....
C. Bodei, P. Degano, F. Nielson, and H.R.Nielson. Static Analysis of Processes for No Read-Up and No-Write-Down. In Proc. FoSSaCS'99, volume 1578 of Lecture Notes in Computer Science, pages 120--134, Springer-Verlag, 1999.
.... systems are, in general, intuitive and well understood, one reason for using control and data flow analyses is that type systems sometimes lack the principal type (the most general type that can be given to a command or expression) which may result in the loss of precision [126]. Bodei et al. [127], [128] demonstrate the use of a control flow analysis to establish Bell LaPadula security properties for the calculus. In the context of firewalls, formalized by ambients [129], Nielson et al. [130] show how to statically reject firewalls that may accept the attacker that fails to provide the ....
C. Bodei, P. Degano, F. Nielson, and H. Riis Nielson, "Static analysis of processes for no read-up and no write-down," in Proc. Foundations of Software Science and Computation Structure. Apr. 1999, number 1578 in LNCS, pp. 120--134, Springer-Verlag.
....a non interference result; instead, they state a so called causal flow property. We view this as a serious shortcoming: it is difficult to determine exactly which notion of causality the property reflects. The same criticism can be held against Bodei et al.'s no read up no write down property [4]. The restriction of Honda et al.'s system [11] to nonlinear types seems essentially identical to our system: judgements are annotated with a security level similar to ours (compare (Deg s ) with T SUB) and non linear channel types are invariant in their security level. The noninterference ....
C. Bodei, P. Degano, F. Nielson, and H. R. Nielson. Static analysis of processes for no read-up and no write-down. In W. Thomas, editor, Proceedings of FoSSaCS'99, volume 1578 of Lecture Notes in Computer Science, pages 120--134. Springer, Mar. 1999. URL: http://www.di.unipi.it/~chiara/publ-40/BDNN99.ps.
....a non interference result; instead, they state a so called causal flow property. We view this as a serious shortcoming: it is difficult to determine exactly which notion of causality the property reflects. The same criticism can be held against Bodei et al.'s no read up no write down property [4]. The restriction of Honda et al.'s system [11] to nonlinear types seems essentially identical to our system: judgements are annotated with a security level similar to ours (compare (Deg s ) with T SUB) and non linear channel types are invariant in their security level. The noninterference ....
C. Bodei, P. Degano, F. Nielson, and H. R. Nielson. Static analysis of processes for no read-up and no write-down. In W. Thomas, editor, Proceedings of FoSSaCS'99, volume 1578 of Lecture Notes in Computer Science, pages 120--134. Springer, Mar. 1999. URL: http://www.di.unipi.it/~chiara/publ-40/BDNN99.ps.
....remote connections. It is important to precisely define security properties in order to have formal statements of the correctness of a security mechanism. As a consequence, in the recent years there have been a number of proposals of formal definitions of security properties (see, for instance, [1, 2, 8, 11, 12, 17, 21, 30, 44, 45, 51, 53, 59, 60]) # This work has been partially supported by MURST projects TOSCA, Certificazione automatica di programmi mediante interpretazione astratta and Interpretazione astratta, type systems e analisi control flow , and also partially supported by Microsoft Research Europe. 1 In this paper we ....
C. Bodei, P. Degano, F. Nielson, and H. Riis Nielson. "Static Analysis of Processes for No Read-Up and No Write-Down". In proc. of 2nd FoSSaCS'99, Amsterdam, March 1999. Springer.
....[13] this turns out to be a dependency analysis [3] ensuring that low level outputs of a program do not depend on its high level information. Much work in the security literature addresses this problem. Logical approaches have been used in [4, 5] while control flow analysis has been used in [6]. Recently, several studies have reformulated the problem as a typing problem, and a number of type systems have been developed to ensure secure information flow for imperative, sequential languages [25], functional ones [22, 14, 23], imperative concurrent ones [19, 24] and process calculi [11, 1, ....
....typing discipline with a family of rich polymorphic constraint based type systems. However, because of its simplicity, we believe that our approach is applicable to other process calculi. The question of information flow analysis in the setting of process calculi has been studied previously in [11, 6, 15, 16, 1]. The last three papers investigate the use of type systems to ensure the non interference property. Hennessy and Riely [15] study an asynchronous calculus extended with security annotations on processes and channels. They prove a non interference property based on may and must testing ....
C. Bodei, P. Degano, F. Nielson, and H. R. Nielson. Static analysis of processes for no read-up and no write-down. Lecture Notes in Computer Science, 1578:120-134, 1999.
....traditional program analysis techniques to address the security of information flow within computing systems. For example, control and data flow analyses are no longer of interest only for compiler optimisations but also for checking whether certain security conditions are met by programs [7, 5]. Type systems are being considered as static tools which can capture information about the security classes of values and which can be used to enforce predefined security policies [26, 12, 18, 17, 15, 23, 8, 13]. A wide range of languages have been subjected to study in the context of ....
C. Bodei, P. Degano, F. Nielson, and H. R. Nielson. Static analysis of processes for no read-up and no write-down. In Proceedings of FOSSACS'99, number 1578 in Lecture Notes in Computer Science, pages 120--134. Springer-Verlag, 1999.
....V. Ferrari, Moggi, Pugliese In this paper, we address the problem of protecting hosts from attacks or misbehavior of mobile processes. To overcome this problem, different solutions have been proposed in the literature that are based on, e.g. type systems [4,13,20,8,9], information flow analysis [12,3,14] and proof carrying code [19]. To have a fine grain control over the behavior of mobile processes and to directly program and manage security policies, we propose to move process abstractions, i.e. process code which abstracts from local operations, instead of processes ready to run or active ....
C. Bodei, P. Degano, F. Nielson, H.R. Nielson. Static analysis of processes for no read-up and no write-down. In Proc. of FOSSACS'99, LNCS 1578, pp.120-134, Springer, 1999.
....now look at ways of exploiting it for expressing, validating and enforcing certain safety and security properties. Most of the work in the area of safety and security is in the framework of lower level process calculi such as the calculus family and static analyses techniques developed for these [9, 24, 10, 32, 2, 3, 1]. Casting some of these in the framework of a type and effect system such as ours would make the underlying ideas more readily applicable using the type systems of languages such as Concurrent ML and Facile as a basis. Acknowledgements I would like to thank Stephen Gilmore for the very ....
C. Bodei, P. Degano, F. Nielson, and H. R. Nielson. Static analysis of processes for no read-up and no write-down. In Proceedings of FOSSACS '99, number 1578 in Lecture Notes in Computer Science, pages 120--134. Springer-Verlag, 1999.
....a non interference result; instead, they state a so called causal flow property. We view this as a serious shortcoming: it is difficult to determine exactly which notion of causality the property reflects. The same criticism can be held against Bodei et al.'s no read up no write down property [4]. The restriction of Honda et al.'s system [8] to non linear types seems essentially identical to our system: judgements are annotated with a security level similar to ours (compare (Deg s ) with T Sub) and non linear channel types are invariant in their security level. Their ....
Chiara Bodei, Pierpaolo Degano, Flemming Nielson, and Hanne Riis Nielson. Static analysis of processes for no read-up and no write-down. In Wolfgang Thomas, editor, Proceedings of FoSSaCS'99, volume 1578 of Lecture Notes in Computer Science, pages 120--134. Springer, March 1999. URL: http://www.di.unipi.it/~chiara/publ-40/BDNN99.ps.
....would be to apply these techniques to the Seal Calculus [15]. A further subject of future research is the study of a notion of subtyping on ambient domains. This would allow us to introduce in the system a notion of security levels and perform static analyses such as those described in [2]. Acknowledgments Work partially supported by Franco Italian Action Galileo 1999-2000. Support was also provided by the Italian MURST Project 9901403824 003 Automatic Program Certification by Abstract Interpretation and by the French CNRS Program Telecommunications: Collaborative, ....
H. R. N. C. Bodei, P. Degano and F. Nielson. Static analysis of processes for no read-up and no write-down. In Proceedings of FoSSaCS'99. 1999.
....to the Seal Calculus [12]. A further subject of future research is the study of nested ambient domains, and of an associated notion of subtyping on ambient domains. This would allow us to introduce in the system a notion of security levels and perform static analyses such as those described in [2]. ....
H. R. Nielson C. Bodei, P. Degano and F. Nielson. Static analysis of processes for no read-up and no write-down. In Proceedings of FoSSaCS'99. LNCS, 1999.
....by a control flow analysis) is indeed acceptable; in the absence of higher order features in the ambient calculus, this amounts to a syntax directed definition of a number of judgements. The analysis combines the ability to handle communication (in the manner of analyses for the π-calculus [2, 3]) with the ability to handle movement (in the manner of an analysis for the communication free fragment [18]). Semantic correctness is established by proving that all acceptable analyses are semantically sound (by means of a subject reduction result in the manner of type systems). On the ....
C. Bodei, P. Degano, F. Nielson, and H. Riis Nielson. Static analysis of processes for no read-up and no write-down. In Proceedings of 2nd FoSSaCS'99, LNCS 1578, pages 120--134. Springer, 1999.
....predict safe and computable approximations to the set of values or behaviours arising dynamically. We advocate here the CFA technique, based upon Flow Logic, for studying the security of mobile systems. CFA (already applied to study security in process algebras, such as the calculus [10, 11, 12] and the spi calculus [9]) has been recently developed for Mobile Ambients, in particular in [6] and applied to prove some security properties on firewall protocols. We here refine the analysis in [6] extended to SA, by using a sort of contextual information. As usual, our CFA is formulated as a ....
C.Bodei and P. Degano P. and F. Nielson and H. Riis Nielson. Static Analysis of Processes for No Read-Up and No Write-Down. Proc. of FoSSaCS'99, LNCS 1578, pp 120-134. Springer Verlag, 1999.
No context found.
C. Bodei, P. Degano, F. Nielson, and H.R.Nielson. Static Analysis of Processes for No Read-Up and No-Write-Down. In Proc. FoSSaCS'99, volume 1578 of Lecture Notes in Computer Science, pages 120--134, Springer-Verlag, 1999.
No context found.
C. Bodei, P. Degano, F. Nielson, and H.R.Nielson. Static Analysis of Processes for No Read-Up and No-Write-Down. In Proc. FoSSaCS'99, volume 1578 of Lecture Notes in Computer Science, pages 120-134, Springer-Verlag, 1999.
No context found.
Chiara Bodei, Pierpaolo Degano, Flemming Nielson, and Hanne Riis Nielson. Static Analysis of Processes for No Read-Up and No Write-Down. In Proc. FoSSaCS'99, number 1578 in Lecture Notes in Computer Science, pages 120--134. Springer-Verlag, 1999.
No context found.
C. Bodei, P. Degano, F. Nielson, and H. R. Nielson. Static analysis of processes for no read-up and no write-down. In Proc. FOSSACS'99, number 1578 in Lecture Notes in Computer Science, pages 120-134. Springer-Verlag, 1999.
No context found.
C. Bodei, P. Degano, H.R. Nielson, and F. Nielson. Static analysis of processes for no read-up and no write-down. In Proceedings of FoSSaCS'99, volume 1961.
No context found.
C. Bodei, P. Degano, F. Nielson, and H. Riis Nielson, "Static analysis of processes for no read-up and no write-down," in Proc. Foundations of Software Science and Computation Structure. Apr. 1999, number 1578 in LNCS, pp. 120--134, Springer-Verlag.
No context found.
Chiara Bodei, Pierpaolo Degano, Flemming Nielson, and Hanne Riis Nielson. Static analysis of processes for no read-up and no write-down. In FOSSAC'99, number 1578 in Lecture Notes in Computer Science, pages 120-134. Springer-Verlag, 1999.