Secure composition of untrusted code: wrappers and causality types

Author

Sewell, Peter ; Vitek, Jan

Author_Institution

Comput. Lab., Cambridge Univ., UK

fYear

2000

fDate

2000

Firstpage

269

Lastpage

284

Abstract

We consider the problem of assembling concurrent software systems from untrusted or partially trusted off-the-shelf components, using wrapper programs to encapsulate components and enforce security policies. In previous work we introduced the box-π process calculus with constrained interaction to express wrappers and discussed the rigorous formulation of their security properties. This paper addresses the verification of wrapper information flow properties. We present a novel causal type system that statically captures the allowed flows between wrapped possibly-badly-typed components; we use it to prove that an example unidirectional-flow wrapper enforces a causal flow property

Keywords

pi calculus; security of data; software reusability; box-π process calculus; causal type system; causality types; component encapsulation; concurrent software system assembly; constrained interaction; partially trusted off-the-shelf components; secure untrusted code composition; security policies; unidirectional-flow wrapper; untrusted off-the-shelf components; wrapper information flow property verification; wrapper programs; Assembly systems; Calculus; Information security; Software systems;

fLanguage

English

Publisher

ieee

Conference_Titel

Computer Security Foundations Workshop, 2000. CSFW-13. Proceedings. 13th IEEE

Conference_Location

Cambridge

ISSN

1063-6900

Print_ISBN

0-7695-0671-2

Type

conf

DOI

10.1109/CSFW.2000.856943

Filename

856943