Information-Flow Control by Means of Security Wrappers for Active Object Languages with Futures
Paper i proceeding, 2021

This paper introduces a run-time mechanism for preventing leakage of secure information in distributed systems. We consider a general concurrency language model where concurrent objects interact by asynchronous method calls and futures. The aim is to prevent leakage of secure information to low-level viewers. The approach is based on a notion of security wrappers, where a wrapper encloses an object or a component and controls its interactions with the environment. Our run-time system automatically adds a wrapper to an insecure component.The wrappers are invisible such that a wrapped component and its environment are not aware of it. The security policies of a wrapper are formalized based on a notion of security levels. At run-time, future components will be wrapped upon need, and objects of unsafe classes will be wrapped, using static checking to limit the number of unsafe classes and thereby reducing run-time overhead. We define an operational semantics and sketch a proof of non-interference. A service provider may use wrappers to protect its services in an insecure environment, and vice-versa: a system platform may use wrappers to protect itself from insecure service providers.

Distributed systems

Non-interference

Active objects

Language-based security

Futures

Information-flow security

Författare

Farzane Karami

Universitetet i Oslo

Olaf Owe

Universitetet i Oslo

Gerardo Schneider

Chalmers, Data- och informationsteknik, Formella metoder

Lecture Notes in Computer Science (including subseries Lecture Notes in Artificial Intelligence and Lecture Notes in Bioinformatics)

03029743 (ISSN) 16113349 (eISSN)

Vol. 12556 LNCS 74-91

25th Nordic Conference on Secure IT Systems, NordSec 2020
Virtual, Online, ,

Ämneskategorier

Inbäddad systemteknik

Datavetenskap (datalogi)

Datorsystem

DOI

10.1007/978-3-030-70852-8_5

Mer information

Senast uppdaterat

2021-04-15