Information Flow Safety in Multiparty Sessions

We consider a calculus for multiparty sessions enriched with security levels for messages. We propose a monitored semantics for this calculus, which blocks the execution of processes as soon as they attempt to leak information. We illustrate the use of this semantics with various examples, and show that the induced safety property is compositional and that it is strictly included between a typability property and a security property proposed for an extended calculus in previous work. † Dedicated to the Memory of Kohei Honda

[1]  Riccardo Focardi,et al.  Verifying persistent security properties , 2004, Comput. Lang. Syst. Struct..

[2]  Gérard Boudol,et al.  Secure Information Flow as a Safety Property , 2009, Formal Aspects in Security and Trust.

[3]  Francesco Tiezzi,et al.  Regulating data exchange in service oriented applications , 2007, FSEN'07.

[4]  Andrew C. Myers,et al.  Protecting privacy using the decentralized label model , 2000, Foundations of Intrusion Tolerant Systems, 2003 [Organically Assured and Survivable Information Systems].

[5]  Riccardo Focardi,et al.  Information flow security in dynamic contexts , 2006, J. Comput. Secur..

[6]  Kohei Honda,et al.  Types for Dyadic Interaction , 1993, CONCUR.

[7]  John C. Mitchell,et al.  Privacy and Utility in Business Processes , 2007, 20th IEEE Computer Security Foundations Symposium (CSF'07).

[8]  Cédric Fournet,et al.  Cryptographic Protocol Synthesis and Verification for Multiparty Sessions , 2009, 2009 22nd IEEE Computer Security Foundations Symposium.

[9]  Alejandro Russo,et al.  From Dynamic to Static and Back: Riding the Roller Coaster of Information-Flow Control Research , 2009, Ershov Memorial Conference.

[10]  David A. Schmidt,et al.  Automata-Based Confidentiality Monitoring , 2006, ASIAN.

[11]  Loris D'Antoni,et al.  Global Progress in Dynamically Interleaved Multiparty Sessions , 2008, CONCUR.

[12]  Kohei Honda,et al.  An Interaction-based Language and its Typing System , 1994, PARLE.

[13]  Andrew C. Myers,et al.  Dynamic security labels and static information flow control , 2007, International Journal of Information Security.

[14]  Cédric Fournet,et al.  Secure Enforcement for Global Process Specifications , 2009, CONCUR.

[15]  Ilaria Castellani,et al.  Session Types for Access and Information Flow Control , 2010, CONCUR.

[16]  Vasco Thudichum Vasconcelos,et al.  Language Primitives and Type Discipline for Structured Communication-Based Programming Revisited: Two Systems for Higher-Order Session Communication , 1998, SecReT@ICALP.

[17]  Rocco De Nicola,et al.  Testing Equivalence for Processes , 1983, ICALP.

[18]  Andrei Sabelfeld,et al.  Tight Enforcement of Information-Release Policies for Dynamic Languages , 2009, 2009 22nd IEEE Computer Security Foundations Symposium.

[19]  Mariangiola Dezani-Ciancaglini,et al.  Sessions and Session Types: An Overview , 2009, WS-FM.

[20]  Robin Milner,et al.  Communicating and mobile systems - the Pi-calculus , 1999 .