Information flow security in Boundary Ambients

Chiara Braghin, Agostino Cortesi, Riccardo Focardi
2008 Information and Computation

A variant of the Mobile Ambient calculus, called Boundary Ambients, is introduced, supporting the modelling of multilevel security policies. Ambients that may guarantee to properly protect their content are explicitly identified as boundaries: a boundary can be seen as a resource access manager for confidential data. In this setting, absence of direct information leakage is granted as soon as the initial process satisfies some syntactic conditions. We then give a new notion of non-interference for Boundary Ambients aiming at capturing indirect flows, too. We design a control flow analysis that computes an over-approximation of all ambients that may be affected at run-time by high-level data and we show that this static analysis can be used to enforce non-interference, i.e., to statically detect that no (direct or indirect) information leakage is ever possible at run-time.
doi:10.1016/j.ic.2007.12.001 fatcat:2qtjsb32vva2dh64lleuszp564