Secure safe ambients

Secure Safe Ambients (SSA) are a typed variant of Safe Ambients [9] whose type system allows behavioral invariants of ambients to be expressed and verified. The most significant aspect of the type system is its ability to capture both explicit and implicit process and ambient behavior: process types account not only for a process's immediate behavior, but also for the behavior that results from capabilities the process acquires as it evolves in a given context. On this basis, the type system provides static detection of security attacks such as Trojan Horses and other combinations of malicious agents. We study the type system of SSA, define algorithms for type checking and type reconstruction, define expressive languages for stating security properties, and study a distributed version of SSA and its type system. For the latter, we show that distributed type checking ensures security even in ill-typed contexts, and discuss how it relates to the security architecture of the Java Virtual Machine.

[1] Luca Cardelli et al. Ambient Groups and Mobility Types. IFIP TCS, 2000.

[2] Michael J. Nash et al. The Chinese Wall Security Policy. Proceedings of the 1989 IEEE Symposium on Security and Privacy, 1989.

[3] Luca Cardelli et al. Types for Mobile Ambients. POPL '99, 1999.

[4] Jan Vitek et al. Seal: A Framework for Secure Mobile Computations. ICCL Workshop: Internet Programming Languages, 1998.

[5] Henk Barendregt et al. The Lambda Calculus: Its Syntax and Semantics. 1985.

[6] Flemming Nielson et al. Static Analysis of Processes for No Read-Up and No Write-Down. FoSSaCS, 1999.

[7] Luca Cardelli et al. Mobile Ambients. FoSSaCS, 1998.

[8] Flemming Nielson et al. Shape Analysis for Mobile Ambients. POPL '00, 2000.

[9] Flemming Nielson et al. Validating Firewalls in Mobile Ambients. CONCUR, 1999.

[10] Li Gong et al. Inside Java 2 Platform Security: Architecture, API Design, and Implementation. 1999.

[11] Luca Cardelli et al. Mobility Types for Mobile Ambients. ICALP, 1999.

[12] Flemming Nielson et al. Static Analysis of Processes for No Read-Up and No Write-Down. 1999.

[13] Jan Vitek et al. Secure Composition of Untrusted Code: Wrappers and Causality Types. Proceedings of the 13th IEEE Computer Security Foundations Workshop (CSFW-13), 2000.

[14] Frank Yellin et al. The Java Virtual Machine Specification. 1996.

[15] Davide Sangiorgi et al. Controlling Interference in Ambients. POPL '00, 2000.

[16] Peter J. Denning et al. Fault Tolerant Operating Systems. ACM Computing Surveys (CSUR), 1976.