
Secured information flow for asynchronous sequential processes. (English) Zbl 1277.68159

Backes, Michael (ed.) et al., Proceedings of the international workshop on security and concurrency (SecCo 2005), San Francisco, CA, USA, August 22, 2005. Amsterdam: Elsevier. Electronic Notes in Theoretical Computer Science 180, No. 1, 17-34 (2007).
Summary: We present in this article a precise security model for data confidentiality in the framework of ASP (asynchronous sequential processes). ASP is based on active objects, asynchronous communications, and data-flow synchronizations. We extend it with security levels attached to activities (active objects) and transmitted data. We design a security model that guarantees data confidentiality within an application; this security model takes advantage of both mandatory and discretionary access models. We extend the semantics of ASP with predicate conditions that provide a formal security framework, dynamically checking for unauthorized information flows. As a final result, all authorized communication paths are secure: no disclosure of information can happen. This theoretically founded contribution may have a strong impact on distributed object-based applications, which are more and more present and confidentiality-demanding on the internet. It also raises a new issue in data confidentiality: authorization of secured information flow transiting (by means of futures) through an unsecured component.
For the entire collection see [Zbl 1275.68012].

MSC:

68Q85 Models and methods for concurrent and distributed computing (process algebras, bisimulation, transition nets, etc.)

Software:

JFlow
