Information-Flow Control by Means of Security Wrappers for Active Object Languages with Futures
Paper in proceedings, 2021

This paper introduces a run-time mechanism for preventing leakage of secure information in distributed systems. We consider a general concurrency language model where concurrent objects interact by asynchronous method calls and futures. The aim is to prevent leakage of secure information to low-level viewers. The approach is based on a notion of security wrappers, where a wrapper encloses an object or a component and controls its interactions with the environment. Our run-time system automatically adds a wrapper to an insecure component.The wrappers are invisible such that a wrapped component and its environment are not aware of it. The security policies of a wrapper are formalized based on a notion of security levels. At run-time, future components will be wrapped upon need, and objects of unsafe classes will be wrapped, using static checking to limit the number of unsafe classes and thereby reducing run-time overhead. We define an operational semantics and sketch a proof of non-interference. A service provider may use wrappers to protect its services in an insecure environment, and vice-versa: a system platform may use wrappers to protect itself from insecure service providers.

Distributed systems

Non-interference

Active objects

Language-based security

Futures

Information-flow security

Author

Farzane Karami

University of Oslo

Olaf Owe

University of Oslo

Gerardo Schneider

Chalmers, Computer Science and Engineering (Chalmers), Formal methods

Lecture Notes in Computer Science (including subseries Lecture Notes in Artificial Intelligence and Lecture Notes in Bioinformatics)

03029743 (ISSN) 16113349 (eISSN)

Vol. 12556 LNCS 74-91

25th Nordic Conference on Secure IT Systems, NordSec 2020
Virtual, Online, ,

Subject Categories

Embedded Systems

Computer Science

Computer Systems

DOI

10.1007/978-3-030-70852-8_5

More information

Latest update

4/15/2021