Abstract
Boxed Ambients are a variant of Mobile Ambients that result from dropping the open capability and introducing new primitives for ambient communication. The new model of communication is faithful to the principles of distribution and location-awareness of Mobile Ambients, and complements the constructs in and out for mobility with finer-grained mechanisms for ambient interaction. We introduce the new calculus, study the impact of the new mechanisms for communication of typing and mobility, and show that they yield an effective framework for resource protection and access control in distributed systems.
- Amadio, R. and Prasad, S. 1994. Localities and failures. In FST&TCS. Lecture Notes in Computer Science, vol. 880. Springer-Verlag, Berlin, Germany, 206--216.]] Google ScholarDigital Library
- Bell, D. and Padula, L. L. 1976. Secure computer system: Unified exposition and multics interpretation,. Tech. rep. MTR-2997, MITRE Corporation, Bedford, MA.]]Google Scholar
- Boudol, G. 1992. Asynchrony and the π-calculus. Res. Rep. 1702. INRIA. Available online at http://www.inria.fr/rrrt/rr-1702.html. Also available from http://www-sop.inria.fr/mimosa/personnel/Gerard.Boudol.html.]]Google Scholar
- Bryce, C. and Vitek, J. 2001. The JavaSeal mobile agent kernel. Auton. Agents Multi-Agent Syst. 4, 4, 359--384.]] Google ScholarDigital Library
- Bugliesi, M. and Castagna, G. 2001. Secure safe ambients. In Proceedings of POPL'01. ACM Press, New York, NY, 222--235.]] Google ScholarDigital Library
- Bugliesi, M., Castagna, G., and Crafa, S. 2001a. Boxed ambients. In TACS'01. Lecture Notes in Computer Science, vol. 2215. Springer-Verlag, Berlin, Germany, 38--63.]] Google ScholarDigital Library
- Bugliesi, M., Castagna, G., and Crafa, S. 2001b. Reasoning about security in Mobile Ambients. In CONCUR'01. Lecture Notes in Computer Science, vol. 2154. Springer-Verlag, Berlin, Germany, 102--120.]] Google ScholarDigital Library
- Bugliesi, M., Crafa, S., Merro, M., and Sassone, V. 2002. Communication Interference in Mobile Boxed Ambients. In FSTTCS'02: Int. Conference on Foundations of Software Technology and Theoretical Computer Science. Lecture Notes in Computer Science, vol. 2556. Springer-Verlag, Berlin, Germany, 71--84.]] Google ScholarDigital Library
- Bugliesi, M., Crafa, S., Prelic, A., and Sassone, V. 2003. Secrecy in untrusted networks. In ICALP'03, International Colloquium on Automata Languages and Programming. Lecture Notes in Computer Science, vol. 2719. Springer-Verlag, Berlin, Germany, 969--983.]]Google Scholar
- Cardelli, L. 1999. Abstractions for Mobile Computation. Lecture Notes in Computer Science, vol. 1603. Springer-Verlag, Berlin, Germany, 51--94.]] Google ScholarDigital Library
- Cardelli, L., Ghelli, G., and Gordon, A. 1999. Mobility types for Mobile Ambients. In Proceedings of ICALP '99. Lecture Notes in Computer Science, vol. 1644. Springer-Verlag, Berlin, Germany, 230--239.]] Google ScholarDigital Library
- Cardelli, L., Ghelli, G., and Gordon, A. D. 2000. Ambient groups and mobility types. In International Conference IFIP TCS. Lecture Notes in Computer Science, vol. 1872. Springer-Verlag, Berlin, Germany, 333--347.]] Google ScholarDigital Library
- Cardelli, L. and Gordon, A. 1998. Mobile Ambients. In Proceedings of F0SSaCS'98. Lecture Notes in Computer Science, vol. 1378. Springer-Verlag, Berlin, Germany, 140--155.]] Google ScholarDigital Library
- Cardelli, L. and Gordon, A. 1999a. Equational properties for Mobile Ambients. In Proceedings FoSSaCS '99. Lecture Notes in Computer Science, vol. 1578. Springer-Verlag, Berlin, Germany, 212--226.]] Google ScholarDigital Library
- Cardelli, L. and Gordon, A. 1999b. Types for Mobile Ambients. In Proceedings of POPL '99. ACM Press, New York, NY, 79--92.]] Google ScholarDigital Library
- Castagna, G., Ghelli, G., and Zappa Nardelli, F. 2001. Typing mobility in the Seal Calculus. In CONCUR'01. Lecture Notes in Computer Science, vol. 2154. Springer-Verlag, Berlin, Germany, 82--101.]] Google ScholarDigital Library
- Crafa, S., Bugliesi, M., and Castagna, G. 2002. Information flow security for Boxed Ambients. In F-WAN: International Workshop on Foundations of Wide Area Networks. Electron. Note Comp. Sci. 66, 3.]]Google Scholar
- De Nicola, R., Ferrari, G., and Pugliese, R. 1998. KLAIM: A Kernel Language for Agents Interaction and Mobility. IEEE Trans. Softw. Eng. 24, 5, 315--330.]] Google ScholarDigital Library
- De Nicola, R., Ferrari, G., and Pugliese, R. 2000a. Programming access control: The KLAIM experience. In Proceedings of CONCUR'00. Lecture Notes in Computer Science, vol. 1877. Springer-Verlag, Berlin, Germany, 48--65.]] Google ScholarDigital Library
- De Nicola, R., Ferrari, G., Pugliese, R., and Venneri, B. 2000b. Types for access control. Theor. Comput. Sci. 240, 1, 215--254.]] Google ScholarDigital Library
- Degano, P., Levi, F., and Bodei, C. 2000. Safe Ambients: Control flow analysis and security. In Proceedings of ASIAN '00. Lecture Notes in Computer Science, vol. 1961. Springer-Verlag, Berlin, Germany, 199--214.]] Google ScholarDigital Library
- Department of Defense. 1985. DoD trusted computer system evaluation criteria (the orange book). DOD 5200.28-STD. Department of Defense, Washington, DC.]]Google Scholar
- Dezani-Ciancaglini, M. and Salvo, I. 2000. Security types for Safe Mobile Ambients. In Proceedings of ASIAN '00. Lecture Notes in Computer Science, vol. 1961. Springer-Verlag, Berlin, Germany, 215--236.]] Google ScholarDigital Library
- Focardi, R. and Gorrieri, R. 1997. Non-interference: Past, present and future. In Proceedings of DARPA Workshop on Foundations for Secure Mobile Code. 26--28.]]Google Scholar
- Fournet, C., Gonthier, G., Lévy, J.-J., Maranget, L., and Rémy, D. 1996. A calculus of Mobile Agents. In 7th International Conference on Concurrency Theory (CONCUR '96). Lecture Notes in Computer Science, vol. 1119. Springer-Verlag, Berlin, Germany, 406--421.]] Google ScholarDigital Library
- Fournet, C., Levy, J.-J., and A, S. 2000. An asynchronous, distributed implementation of Mobile Ambients. In International Conference IFIP TCS. Lecture Notes in Computer Science, vol. 1872. Springer-Verlag, Berlin, Germany.]] Google ScholarDigital Library
- Goguen, J. and Meseguer, J. 1982. Security policy and security models. In Proceedings of Symposium on Security and Privacy. IEEE Computer Society, 11--20.]]Google Scholar
- Gollmann, D. 1999. Computer Security. John Wiley & Sons Ltd., Chichester, U.K.]] Google ScholarDigital Library
- Hennessy, M. and Riely, J. 2002a. Information flow vs. resource access in the asynchronous π-calculus. ACM Trans. Program. Lang. Syst. 24, 5, 566--591.]] Google ScholarDigital Library
- Hennessy, M. and Riely, J. 2002b. Resource access control in systems of Mobile Agents. Inform. Comput. 173, 82--120.]] Google ScholarDigital Library
- Levi, F. and Sangiorgi, D. 2000. Controlling interference in ambients. In Proceedings of POPL '00. ACM Press, New York, NY, 352--364.]] Google ScholarDigital Library
- Merro, M. and Hennessy, M. 2002. Bisimulation conguences in Safe Ambients. In Proceedings of POPL'02. ACM Press, New York, NY, 71--80.]] Google ScholarDigital Library
- Merro, M. and Sassone, V. 2002. Typing and subtyping mobility in Boxed Ambients. In Proceedings of Concur'02. Lecture Notes in Computer Science, vol. 2421. Springer-Verlag, Berlin, Germany, 304--320.]] Google ScholarDigital Library
- Nestmann, U. 2000. What is a 'good' encoding of guarded choice? Inform. Comput. 156, 287--319.]] Google ScholarDigital Library
- Nielson, F., Nielson, H. R., Hansen, R. R., and Jensen, J. G. 1999. Validating firewalls in Mobile Ambients. In Proc. CONCUR '99. Lecture Notes in Computer Science, vol. 1664. Springer-Verlag, Berlin, Germany, 463--477.]] Google ScholarDigital Library
- Nielson, H. R. and Nielson, F. 2000. Shape analysis for Mobile Ambients. In Proceedings of POPL '00. ACM Press, New York, NY, 142--154.]] Google ScholarDigital Library
- Riely, J. and Hennessy, M. 1998. A typed language for distributed mobile processes. In Proceedings of POPL'98. ACM Press, New York, NY, 378--390.]] Google ScholarDigital Library
- Riely, J. and Hennessy, M. 1999. Trust and partial typing in open systems of Mobile Agents. In Proceedings of POPL '99. ACM Press, New York, NY, 93--104.]] Google ScholarDigital Library
- Sangiorgi, D. and A., V. 2001. A distributed abstract mathine for Safe Ambients. In Proceedings of ICALP'01. Lecture Notes in Computer Science, vol. 2076. Springer-Verlag, Berlin, Germany, 408--420.]] Google ScholarDigital Library
- Sewell, P. and Vitek, J. 2000. Secure composition of untrusted code: Wrappers and causality types. In Proceedings of the 13th IEEE Computer Security Foundations Workshop. Published in J. Comput. Sec. 11, 2, 135--187.]] Google ScholarDigital Library
- Vitek, J. and Castagna, G. 1999. Seal: A framework for secure mobile computations. In Internet Programming Languages. Lecture Notes in Computer Science, vol. 1686. Springer-Verlag, Berlin, Germany, 47--77.]] Google ScholarDigital Library
- Zimmer, P. 2000. Subtyping and typing algorithms for Mobile Ambients. In Proceedins of FoSSaCS '99. Lecture Notes in Computer Science, vol. 1784. Springer-Verlag, Berlin, Germany, 375--390.]] Google ScholarDigital Library
Index Terms
- Access control for mobile agents: The calculus of boxed ambients
Recommendations
Role-based access control for boxed ambients
Our society is increasingly moving towards richer forms of information exchange where mobility of processes and devices plays a prominent role. This tendency has prompted the academic community to study the security problems arising from such mobile ...
Configuring role-based access control to enforce mandatory and discretionary access control policies
Access control models have traditionally included mandatory access control (or lattice-based access control) and discretionary access control. Subsequently, role-based access control has been introduced, along with claims that its mechanisms are general ...
Model checking mobile ambients
We settle the complexity bounds of the model checking problem for the ambient calculus with public names against the ambient logic. We show that if either the calculus contains replication or the logic contains the guarantee operator, the problem is ...
Comments