Information-Flow Control by Means of Security Wrappers for Active Object Languages with Futures
Paper i proceeding, 2021

This paper introduces a run-time mechanism for preventing leakage of secure information in distributed systems. We consider a general concurrency language model where concurrent objects interact by asynchronous method calls and futures. The aim is to prevent leakage of secure information to low-level viewers. The approach is based on a notion of security wrappers, where a wrapper encloses an object or a component and controls its interactions with the environment. Our run-time system automatically adds a wrapper to an insecure component.The wrappers are invisible such that a wrapped component and its environment are not aware of it. The security policies of a wrapper are formalized based on a notion of security levels. At run-time, future components will be wrapped upon need, and objects of unsafe classes will be wrapped, using static checking to limit the number of unsafe classes and thereby reducing run-time overhead. We define an operational semantics and sketch a proof of non-interference. A service provider may use wrappers to protect its services in an insecure environment, and vice-versa: a system platform may use wrappers to protect itself from insecure service providers.

Language-based security



Active objects

Information-flow security

Distributed systems


Farzane Karami

Universitetet i Oslo

Olaf Owe

Universitetet i Oslo

Gerardo Schneider

Göteborgs universitet

Lecture Notes in Computer Science (including subseries Lecture Notes in Artificial Intelligence and Lecture Notes in Bioinformatics)

03029743 (ISSN) 16113349 (eISSN)

Vol. 12556 LNCS 74-91
9783030708511 (ISBN)

25th Nordic Conference on Secure IT Systems, NordSec 2020
Virtual, Online, ,


Inbäddad systemteknik

Datavetenskap (datalogi)




Mer information

Senast uppdaterat