A copy of this work was available on the public web and has been preserved in the Wayback Machine. The capture dates from 2017; you can also visit the original URL.
The file type is
A variant of Mobile Ambient Calculus is introduced, called Boundary Ambient, to model multilevel security policies. Ambients that may guarantee to properly protect their content are explicitly identified as boundaries: a boundary can be seen as a resource access manager for confidential data. In this setting, we define a notion of non-interference which captures the absence of any (both direct and indirect) information leakage. Then, we guarantee non-interference by extending a control flowdoi:10.1016/s1571-0661(04)81010-7 fatcat:4ix4b43xmjgm7kwhu47dhupxi4