14/03/2008, 16:00 — 17:00 — Tagus-1.1
Ana Matos, Instituto Superior Técnico
Non-disclosure for Distributed Mobile Code
This talk is about ensuring confidentiality in networks. More
specifically, it is about controlling information flows between
subjects that have been given different security clearances, in the
context of a distributed setting with code mobility. In a network
setting, one cannot assume resources to be accessible by all
programs at all times. In fact, a network can be seen as a
collection of sites where conditions for computation to occur are
not guaranteed by one site alone. New security leaks, that we call
migration leaks, arise from the fact that execution or suspension
of programs now depend on the position of resources over the
network, which may in turn depend on secret information.<br
/> In order to deal with migration leaks, we will consider the
non-disclosure policy for networks, a generalization of
non-interference that handles declassification in a network
setting, and see how to enforce it over an expressive distributed
calculus, by means of a type and effect system.
