25 May 2007

Non-disclosure for Distributed Mobile Code
Ana Matos
Instituto Superior Técnico

This talk is about ensuring confidentiality in networks. More specifically, it is about controlling information flows between subjects that have been given different security clearances, in the context of a distributed setting with code mobility. Clearly, in such a setting, one cannot assume resources to be accessible by all programs at all times. In fact, a network can be seen as a collection of sites where the conditions for computation to occur are not guaranteed by any one site alone. Could these failures be exploited as covert information flow channels? The answer is yes. New security leaks, which we call migration leaks, arise from the fact that the execution or suspension of programs now depends on the position of resources over the network, which may in turn depend on secret information. In order to deal with migration leaks, we will consider the non-disclosure policy for networks, a generalization of non-interference that handles declassification in a network setting, and see how to enforce it over an expressive distributed calculus, by means of a type and effect system.
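As an added toy illustration of the check described above (this is not the talk's calculus or its type and effect system; the tuple program encoding, the variable labels in ENV and the `flow` declassification construct are constructed assumptions), the following static check rejects a migration, or a write to a low variable, whose control flow depends on a high-clearance value, unless an enclosing `flow` declaration declassifies that direction:

```python
# Toy security-effect check for migration leaks (constructed example, not the
# author's calculus). Programs are nested tuples; `pc` is the clearance of the
# context the statement runs in; `policy` is the set of declassified flows.
LEVELS = {"L": 0, "H": 1}
ENV = {"secret": "H", "pub": "L", "out": "L"}  # constructed variable labels

def allowed(src, dst, policy):
    """Flow src -> dst is fine if src is no higher than dst, or it is declassified."""
    return LEVELS[src] <= LEVELS[dst] or (src, dst) in policy

def check(prog, pc="L", policy=frozenset()):
    """Return the list of violations found in `prog` (empty means accepted)."""
    kind = prog[0]
    if kind == "seq":  # ("seq", stmt, stmt, ...)
        return [v for p in prog[1:] for v in check(p, pc, policy)]
    if kind == "assign":  # ("assign", target_var, [source_vars])
        _, tgt, srcs = prog
        src_lvl = max([pc] + [ENV[s] for s in srcs], key=LEVELS.get)
        ok = allowed(src_lvl, ENV[tgt], policy)
        return [] if ok else [f"flow into {tgt} from {src_lvl} context"]
    if kind == "if":  # ("if", guard_var, then_branch, else_branch)
        _, guard, then, els = prog
        new_pc = max(pc, ENV[guard], key=LEVELS.get)  # implicit flow via the guard
        return check(then, new_pc, policy) + check(els, new_pc, policy)
    if kind == "migrate":  # ("migrate", site)
        # Whether a thread shows up (and runs or suspends) at a site is visible to
        # low observers there, so migration must not be controlled by a high pc.
        ok = allowed(pc, "L", policy)
        return [] if ok else [f"migration to {prog[1]} under {pc} context"]
    if kind == "flow":  # ("flow", src, dst, body): declassification scope
        _, src, dst, body = prog
        return check(body, pc, policy | {(src, dst)})
    raise ValueError(f"unknown construct {kind}")

# Constructed sample programs.
LEAKY = ("if", "secret", ("migrate", "site_b"), ("migrate", "site_a"))
IMPLICIT = ("if", "secret", ("assign", "out", []), ("assign", "out", ["pub"]))
SAFE = ("seq", ("assign", "pub", ["pub"]), ("migrate", "site_a"))
DECLASSIFIED = ("flow", "H", "L", LEAKY)  # accepted only because H -> L is declared

if __name__ == "__main__":
    for name, prog in [("LEAKY", LEAKY), ("IMPLICIT", IMPLICIT),
                       ("SAFE", SAFE), ("DECLASSIFIED", DECLASSIFIED)]:
        print(name, check(prog) or "accepted")
```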