Analysing the Information Flow Properties of Object-Capability Patterns [chapter]

Toby Murray, Gavin Lowe
2010 Lecture Notes in Computer Science  
We consider the problem of detecting covert channels within security-enforcing object-capability patterns. Traditional formalisms for reasoning about the security properties of object-capability patterns require one to be aware, a priori, of all possible mechanisms for covert information flow that might be present within a pattern, in order to detect covert channels within it. We show how the CSP process algebra, and its model-checker FDR, can be applied to overcome this limitation.
doi:10.1007/978-3-642-12459-4_7 fatcat:c7xaa46kq5ejjmbfv3rfjnzzyy