Preface: Volume 32
Abstract

This volume contains papers from the DERA/RHUL Workshop on Secure Architectures and Information Flow, held at Royal Holloway, University of London, from December 1st to December 3rd, 1999. The purpose of the workshop was to gather together researchers interested in secure architectures and in particular those involved in the DERA Beacon programme “Future Security Requirements and Technologies”. The aim of this 3-year collaborative research programme is to investigate the impact of future and emerging technologies on secure systems. The first two days of the workshop were devoted to general issues of secure architectures, whilst the third and final day was devoted to the topic of non-interference.

Non-interference has been a central concept in computer security for nearly two decades, since Goguen and Meseguer first proposed the idea in 1982. It seeks to formalise the absence of any flow of information across an interface and so is clearly a key concept underlying any notion of confidentiality. It is still hotly debated, both in the sense of what exactly it is and what role, if any, it should play in information security. There have been a number of theoretical advances of late on this topic, but there remain a number of fundamental open questions. It was thus timely to gather together some of the researchers active in this area to present these advances and discuss the open questions.

The workshop combined two workshop series: the third in a series hosted by Royal Holloway on secure architectures associated with the DERA Beacon project, and the third in a series on information flow held previously at Royal Holloway and at Leicester. There were in total 20 presentations during the three days of the workshop, many of them describing work in progress or work appearing elsewhere. Some of the papers presented are reproduced in this volume; others will be appearing elsewhere. The agenda was as follows:

Security architectures
Steve Schneider and Peter Ryan: Introduction
Ulrich Lang, Cambridge: Why the CORBA security service fails
Jorge Cuellar, Siemens: Verification of an authentication and key agreement protocol
Vitaly Shmatikov, Stanford: Analysis of abuse-free contract signing
Roberto Gorrieri, University of Bologna: Coping with denial-of-service due to malicious Java Applets
Cathy Meadows, NRL: Emerging problems with security protocol analysis
Virginie Wiels, CERT-ONERA: Electronic Purse Security Verification
Joachim Posegga and Roger Kehr, Deutsche Telekom, IT Security Research: PCA: Jini-based Personal Card Assistant — Security Issues in Spontaneous Networking
Volkmar Lotz, Siemens: Formally Defining Security Properties with Stream Processing Functions
Dieter Gollman, MS Research Cambridge: On the verification of security protocols
Joshua D. Guttman, The MITRE Corp: Packet Filters and their Atoms: Local Behavior/Global Security Policies
Michael Waidner, IBM Zurich and Birgit Pfitzmann, Universitat des Saarlandes: Cryptographic definitions of “secrecy”
Ian Welch and Robert Stroud, Newcastle University: Supporting Real World Security Models in Java
Guenter Karjoth, IBM Research Centre Zurich: Java 2 Authorization: Its Semantics and Expressive Power
Yves Deswarte, LAAS and MS Research: Intrusion tolerance and the MAFTIA Project

The theory of information flow
Peter Ryan, DERA: Welcome and Introduction
Andrei Sabelfeld, Chalmers University, Sweden: Probabilistic Noninterference for Multi-threaded Programs
Bruno Dutertre, SRI Menlo Park: Probabilistic vs. nonprobabilistic security models
Paul Gardiner, Laser Point Software: Power simulation and power bisimulation
Steve Schneider, Royal Holloway: A testing approach to non-interference
Peter Ryan, DERA: Power-bisimulation and Unwinding
Riccardo Focardi, University of Venice: Non-Interference and Security Protocols

We thank the Department of Computer Science at Royal Holloway for hosting this workshop, and particularly Janet Hales for her invaluable help in the local organisation of the workshop both in the weeks leading up to it and during the workshop itself, and Neil Evans, James Heather, and Helen Treharne for local help during the workshop. We would also like to thank DERA for funding the Beacon programme and this workshop in particular. We also thank the Managing Editors of the Electronic Notes in Theoretical Computer Science series, Mike Mislove, Maurice Nivat, and Christos Papadimitriou, for giving us the opportunity of publishing the proceedings of this workshop in this series, and particularly Mike Mislove for his support, encouragement, and advice during the preparation of this electronic volume.

Steve Schneider and Peter Ryan, Guest Editors