Information Leakage Detection in Boundary Ambients

Partially supported by MIUR Projects "Interpretazione Astratta, Type Systems e Analisi Control-Flow" and "Modelli formali per la sicurezza", and the EU Contract IST-2001-32617 "Models and Types for Security in Mobile Distributed Systems".

Chiara Braghin, Agostino Cortesi, Riccardo Focardi
2003, Electronic Notes in Theoretical Computer Science
A variant of the Mobile Ambient Calculus, called Boundary Ambients, is introduced to model multilevel security policies. Ambients that can guarantee proper protection of their content are explicitly identified as boundaries: a boundary can be seen as a resource access manager for confidential data. In this setting, we define a notion of non-interference that captures the absence of any information leakage, both direct and indirect. We then guarantee non-interference by extending a control flow analysis that computes an over-approximation of all ambients and capabilities that may be affected by the actual values of high-level data.
doi: 10.1016/s1571-0661(04)81010-7
fatcat: 4ix4b43xmjgm7kwhu47dhupxi4