Confidentiality Analysis of Mobile Systems

icon

20

pages

icon

English

icon

Documents

Écrit par

Publié par

Lire un extrait
Lire un extrait

Obtenez un accès à la bibliothèque pour le consulter en ligne En savoir plus

Découvre YouScribe en t'inscrivant gratuitement

Je m'inscris

Découvre YouScribe en t'inscrivant gratuitement

Je m'inscris
icon

20

pages

icon

English

icon

Ebook

Lire un extrait
Lire un extrait

Obtenez un accès à la bibliothèque pour le consulter en ligne En savoir plus

Confidentiality Analysis of Mobile Systems Jérôme Feret Laboratoire d'Informatique de l'École Normale Supérieure ENS-LIENS, 45, rue d'Ulm, 75230 PARIS cédex 5, FRANCE Abstract. We propose an abstract interpretation-based analysis for au- tomatically detecting all potential interactions between the agents of a part of a mobile system, without much knowledge about the rest of it. We restrict our study to mobile systems written in the pi-calculus, and in- troduce a non-standard semantics which restores the link between chan- nels and the processes that have created them. This semantics also allows to describe the interaction between a system and an unknown context. It is, to the best of our knowledge, the first analysis for this problem. We then abstract this non-standard semantics into an approximated one so as to automatically obtain a non-uniform description of the communica- tion topology of mobile systems which compute in hostile contexts. 1 Introduction Growing requirements of society impose the use of widely spread mobile systems of processes. In such systems the communication topology dynamically changes during processes computations, so that their analysis is a very difficult task. Furthermore, the size of systems, such as the Internet for instance, is large enough to prevent a single person from knowing the whole system. That is why we are interested in validating properties on a mobile system, which is a part of bigger one, called its context, without having precise knowledge of this context.

  • abstract interpretation

  • uniform

  • analysis only

  • based methods

  • only name

  • standard semantics

  • interaction between


Voir Alternate Text

Publié par

Nombre de lectures

8

Langue

English

1
Confidentiality Analysis of Mobile Systems
Jérôme Feret
jerome.feret@ens.fr Laboratoire d’Informatique de l’École Normale Supérieure ENS-LIENS, 45, rue d’Ulm, 75230 PARIS cédex 5, FRANCE http://www.di.ens.fr/~feret
Abstract.We propose an abstract interpretation-based analysis for au-tomatically detecting all potential interactions between the agents of a part of a mobile system, without much knowledge about the rest of it. We restrict our study to mobile systems written in theπ-calculus, and in-troduce a non-standard semantics which restores the link between chan-nels and the processes that have created them. This semantics also allows to describe the interaction between a system and an unknown context. It is, to the best of our knowledge, the first analysis for this problem. We then abstract this non-standard semantics into an approximated one so as to automatically obtain a non-uniform description of the communica-tion topology of mobile systems which compute in hostile contexts.
Introduction
Growing requirements of society impose the use of widely spread mobile systems of processes. In such systems the communication topology dynamically changes during processes computations, so that their analysis is a very difficult task. Furthermore, the size of systems, such as the Internet for instance, is large enough to prevent a single person from knowing the whole system. That is why we are interested in validating properties on a mobile system, which is a part of bigger one, called its context, without having precise knowledge of this context. We address the problem of proving the confidentiality of such a mobile sys-tem: we propose to automatically infer a sound and accurate description of the topology of the interactions between the agents of this mobile system, in or-der to prove that private information can only be communicated to authorized agents. This description should be non-uniform, in order to distinguish between recursive instances of processes. This allows for instance to prove that in anftp protocol the response to a query is returned to the correct customer. We propose an automatic abstract interpretation-based analysis for the full πsuitable formalism to describe mobile systems of-calculus [18,19] which is a processes. We present a new non-standard semantics, in the style of Venet’s work [22], which mainly consists of labeling each recursive instance of processes with markers, in a deterministic way inferred during process creation. This la-beling allows to trace precisely the origin of channels and to distinguish between recursive instances of processes, which cannot be done with the standard seman-tics. Besides, we require no further restrictions on theπ-calculus. Moreover, our
semantics is general enough to approximate the potential behaviour of a small known system in any unknown context. Several abstractions of our non-standard semantics can be deduced, using Abstract Interpretation, we propose a generic abstract semantics to describe the interactions between processes and between the system’s context, in order to automatically prove confidentiality properties. The implementation of the prod-uct between this semantics and another one focusing on counting occurrences of processes during computations [13] has lead to original results. The standard semantics is given in Sect. 3. We define the non-standard se-mantics in Sect. 4. We design a generic abstract analysis to validate confiden-tiality of systems in Sect. 5 and instantiate it in Sect. 6. Acknowledgments.We deeply thank anonymous referees for their signif-icant comments on an early version. We wish also to thank Patrick and Rad-hia Cousot, Arnaud Venet, Ian Mackie, François Maurel, David Monniaux and François Pottier, for their comments and discussions.
2
Related Work
The problem of proving the confidentiality of a mobile system has been studied extensively. Several type-based methods have been proposed to capture non-interference properties between processes in [1,16] or to study information flow properties in [15]. All these works rely on the use of a partial order of security levels, and consist in statically checking that, owing analyzed properties, low security level agents cannot violate higher security level information. Control flow analysis only focus on the flow information. Several uniform (or monovariant) analyses have been proposed [3,4]. Non-uniform (or polyvariant) analysis allows to describe the interaction between iterations of the same re-cursive process. This is not achievable by type-based methods, since the same security level is inferred for all recursive instances of the same process. For in-stance, in [20] to prove the confidentiality of a customer-server protocol, the set of customers has to be known before the beginning of the analysis. Only very few non-uniform analyses are available. Some alias analyses to infer pointer equality relationships are non-uniform, e.g. [12] which refines a uniform analysis (trivially based on type declaration). This has been applied by Colby to design a non-uniform control flow analysis forcmlin [6]. This requires a good uniform approximation of the control flow of a system before starting the non-uniform analysis. Our study follows Venet’s work on theπ-calculus [22], which allows to infer a sound non-uniform description of the topology of communication between the agents offriendly systems[18], in where resources cannot be nested. We consider the fullπ-calculus with nested replications. Moreover, we consider any open sys-tem and approximate the interaction between this system and its context which, to the best of our knowledge has never been achieved in a control flow analysis of theπ-calculus. In particular, contrary to [1] we can propagate interactions
Voir Alternate Text
  • Univers Univers
  • Ebooks Ebooks
  • Livres audio Livres audio
  • Presse Presse
  • Podcasts Podcasts
  • BD BD
  • Documents Documents
Alternate Text