Abstract

interpretation is a methodology for deriving program analyses systematically from the semantics of a programming language. Hansen, Jensen, Nielson, and Nielson [20] describe a constraint-based framework for abstract interpretation of mobile ambients; instances of the framework include an analysis counting occurrences of ambients, and also the original control ow analysis for the ambient calculus [29]. Levi and Maeis [24] and Feret [19] present abstract interpretations based on alternative semantics of the ambient calculus. Some analyses have been developed in the setting of Levi and Sangiorgi's calculus of safe ambients [25], a generalization of the original ambient calculus that gives processes greater control over synchronization, and hence avoids certain kinds of nondeterminism. In their paper, Levi and Sangiorgi propose a type system to guarantee immobility and single-threadedness. Security properties are considered by several authors. Bugliesi and Castagna [8] describe a type system for safe ambients that checks security properties, including security in a distributed setting. They rely on a notion of ambient domain that is similar to the notion of an ambient group, but have no counterpart to the group creation operator. Dezani-Ciancaglini and Salvo [18] present a type system for safe ambients where each ambient has a security level, akin to a group. Unlike our system, security levels are partially ordered, allowing the system to express trust relationships. Degano, Levi, and Bodei [17, 23] rene Nielson and Nielson's original ow analysis [29] for the calculus of safe ambients. The analysis allows the proof of simple secrecy properties; they formally distinguish between trustworthy and untrustworthy ambients, and show that no trustworthy ambient may be ope...

Citations