security policies as membranes in systems for global
play

Security Policies as Membranes in Systems for Global Computing - PowerPoint PPT Presentation

Nov 10, 2022 •258 likes •628 views

Why What How Conclusion Security Policies as Membranes in Systems for Global Computing Vladimiro Sassone University of Sussex, UK GC 2004: MyThS/MIKADO/DART Meeting Venice 15.06.04 with D. Gorla, M. Hennessy V. Sassone Security Polices

  1. Why What How Conclusion Security Policies as Membranes in Systems for Global Computing Vladimiro Sassone University of Sussex, UK GC 2004: MyThS/MIKADO/DART Meeting Venice 15.06.04 with D. Gorla, M. Hennessy V. Sassone Security Polices as Membranes

  2. Why What How Conclusion Why 1 What 2 How 3 Barring actions Counting actions Sequencing actions Controlling coalitions Conclusion 4 V. Sassone Security Polices as Membranes

  3. Why What How Conclusion Why Most calculi/languages for GC rely on code mobility to model interprocesses interactions; This leads to security concerns (malicious agents can compromise ‘good’ sites through viruses, spammings, denial-of-service attacks, ...); V. Sassone Security Polices as Membranes

  4. Why What How Conclusion Why Most calculi/languages for GC rely on code mobility to model interprocesses interactions; This leads to security concerns (malicious agents can compromise ‘good’ sites through viruses, spammings, denial-of-service attacks, ...); Thus, code mobility usually equipped with security checks : static checks: make the run-time as efficient as possible, but 1 it may be not adequate in practice; dynamic checks: make the runtime heavier, execution 2 slower, but are flexible. V. Sassone Security Polices as Membranes

  5. Why What How Conclusion Simple Systems are (plain) collections of sites; Sites are places for computations, divided in at least two layers: a computing body a membrane , to carry on security related issues membranes regulate the interactions between the computing body and the environment around the site differently from Boudol’s and Stefani’s: our membranes are not fully-fledged computing entities. They only implement higher-level (type related) verification on incoming agents. V. Sassone Security Polices as Membranes

  6. Why What How Conclusion The Objectives Run an initial investigation into what kind of security policies can be implemented through membranes, and how . This is related to, and aims at generalizing for the specific application the security types developed for D π and K LAIM ; the session types by Honda et al; the generic types by Igarashi, Kobayashi. V. Sassone Security Polices as Membranes

  7. Why What How Conclusion What a formal framework to formalize processes running in a GC 1 system, whose activities are local computations and migrations ; membranes to implement advanced checks on incoming 2 agents (including notions of trust and proof-carrying code ); tools to enforce different kind of policies. 3 V. Sassone Security Polices as Membranes

  8. Why What How Conclusion A Calculus for Migrations A minimal calculus (Turing not an issue here) BasicActions a , b , c , ... ∈ Act Localities l , h , k , ... ∈ Loc � a . P � go � P | Q � ! P � � � � Agents P , Q , R ::= nil T l . P � l [ � N 1 � N 2 � � Systems N ::= 0 [ M | � P ] ] where V. Sassone Security Polices as Membranes

  9. Why What How Conclusion A Calculus for Migrations A minimal calculus (Turing not an issue here) BasicActions a , b , c , ... ∈ Act Localities l , h , k , ... ∈ Loc � a . P � go � P | Q � ! P � � � � Agents P , Q , R ::= nil T l . P � l [ � N 1 � N 2 � � Systems N ::= 0 [ M | � P ] ] where l [ [ M | � P ] ] is a site with address l , membrane M and hosting process P ; go T l . P is an agent willing to migrate on l , whose body is P and exhibiting as PCC the policy T . V. Sassone Security Polices as Membranes

  10. Why What How Conclusion Dynamic Semantics – local Local behaviours: l [ [ M | � a . P | Q ] ] − → l [ [ M | � P | Q ] ] Remark: we are not really interested in the local computations. V. Sassone Security Polices as Membranes

  11. Why What How Conclusion Dynamic Semantics – migration Migration: [ M ′ | [ M ′ | k [ [ M | � go T l . P | Q ] ] � l [ � R ] ] − → k [ [ M | � Q ] ] � l [ � P | R ] ] This reduction may happen only if P complies with M ′ . V. Sassone Security Polices as Membranes

  12. Why What How Conclusion Dynamic Semantics – migration Migration: [ M ′ | [ M ′ | k [ [ M | � go T l . P | Q ] ] � l [ � R ] ] − → k [ [ M | � Q ] ] � l [ � P | R ] ] This reduction may happen only if P complies with M ′ . But checking whole processes at migration can be very expensive! Solution: PCCs. A source-generated and certified ‘process outline’ accepted as such at destination. V. Sassone Security Polices as Membranes

  13. Why What How Conclusion The matter with certification When can we consider PCCs? They are easy to verify (they are usually very small, if compared to the process they refer to), but they can be dangerous (if they don’t certify properly the process behaviour) V. Sassone Security Polices as Membranes

  14. Why What How Conclusion The matter with certification When can we consider PCCs? They are easy to verify (they are usually very small, if compared to the process they refer to), but they can be dangerous (if they don’t certify properly the process behaviour) A compromise: we can safely consider PCCs of agents coming from trusted sites, i.e. sites that calculate the PCC attached to a migrating agent “properly.” V. Sassone Security Polices as Membranes

  15. Why What How Conclusion Trust Each site store the trust it has on other sites, as part of its membrane . Thus, a membrane is a couple ( M t , M p ) , where M t : Loc → { good , bad , unknown } ; M p is an upper bound to the local actions of incoming agents. V. Sassone Security Polices as Membranes

  16. Why What How Conclusion The Migration Rule – revised [ M ′ | k [ [ M | � go T l . P | Q ] ] � l [ � R ] ] [ M ′ | if M ′ ⊢ k − → k [ [ M | � Q ] ] � l [ � P | R ] ] T P where M ′ ⊢ k T P is if M ′ t ( k ) = good then ( T enforces M ′ p ) else ⊢ P : M ′ p and predicate enforces is a partial order on policies; ⊢ is a compliance check of a process against a policy. V. Sassone Security Polices as Membranes

  17. Why What How Conclusion Barring actions Counting actions Sequencing actions Controlling coalitions Policies as Constraints on Legal Actions a site only provides some methods (i.e. only some actions can be executed while running in it) a policy T is a subset of Act ∪ Loc where a process can only execute locally actions in T a process can only migrate on sites in T V. Sassone Security Polices as Membranes

  18. Why What How Conclusion Barring actions Counting actions Sequencing actions Controlling coalitions Policies as Constraints on Legal Actions a site only provides some methods (i.e. only some actions can be executed while running in it) a policy T is a subset of Act ∪ Loc where a process can only execute locally actions in T a process can only migrate on sites in T T enforces T ′ is simply defined as T ⊆ T ′ ; V. Sassone Security Polices as Membranes

  19. Why What How Conclusion Barring actions Counting actions Sequencing actions Controlling coalitions Policies as Constraints on Legal Actions a site only provides some methods (i.e. only some actions can be executed while running in it) a policy T is a subset of Act ∪ Loc where a process can only execute locally actions in T a process can only migrate on sites in T T enforces T ′ is simply defined as T ⊆ T ′ ; judgment ⊢ is simple. The key rules are ⊢ P : T ⊢ P : T ′ a ∈ T l ∈ T ⊢ a . P : T ⊢ go T ′ l . P : T V. Sassone Security Polices as Membranes

  20. Why What How Conclusion Barring actions Counting actions Sequencing actions Controlling coalitions Policies as Constraints on Legal Actions (ctd) a system N is well-formed , written ⊢ N : ok , if “good” nodes only hosts “good” agents. Formally: ⊢ P : M p l good l not good ⊢ l [ [ M | � P ] ] : ok ⊢ l [ [ M | � P ] ] : ok V. Sassone Security Polices as Membranes

  21. Why What How Conclusion Barring actions Counting actions Sequencing actions Controlling coalitions Policies as Constraints on Legal Actions (ctd) a system N is well-formed , written ⊢ N : ok , if “good” nodes only hosts “good” agents. Formally: ⊢ P : M p l good l not good ⊢ l [ [ M | � P ] ] : ok ⊢ l [ [ M | � P ] ] : ok → N ′ , then ⊢ N ′ : ok . Subject Reduction: If ⊢ N : ok and N − V. Sassone Security Polices as Membranes

  22. Why What How Conclusion Barring actions Counting actions Sequencing actions Controlling coalitions Counting Legal Actions sometimes, legal actions can be performed only a certain number of times. E.g.: a fair mail server allows its clients to send mails, but: it should block spamming activities of malicious clients; thus: it could allow sending at most K mails for each login of each client. V. Sassone Security Polices as Membranes

Download Presentation
Download Policy: The content available on the website is offered to you 'AS IS' for your personal information and use only. It cannot be commercialized, licensed, or distributed on other websites without prior consent from the author. To download a presentation, simply click this link. If you encounter any difficulties during the download process, it's possible that the publisher has removed the file from their server.

Recommend

Security Policies Security Policies for Large Who is allowed to do what when Systems

Security Policies Security Policies for Large Who is allowed to do what when Systems

Security Policies Security Policies for Large Who is allowed to do what when Systems And what happens if they do CS 239 something else Security for Networks and And whos responsible for making sure System Software thats

245 views • 3 slides
Outline Security Principles and Policies Security terms and concepts CS 239 Security

Outline Security Principles and Policies Security terms and concepts CS 239 Security

Outline Security Principles and Policies Security terms and concepts CS 239 Security policies Computer Security Basic concepts Peter Reiher Security policies for real systems January 13, 2005 Lecture 2 Lecture 2 Page 1

347 views • 9 slides
Cell Membranes Function as Integrative Systems Understanding how cell membranes molecules

Cell Membranes Function as Integrative Systems Understanding how cell membranes molecules

Dr. Mircea Leabu - Membrane Transport (lecture's slides) Cell Membranes Function as Integrative Systems Understanding how cell membranes molecules cross-talk in assuring the membrane functioning 1. Cell Membranes Allow Exchanges of

494 views • 12 slides
Membranes, Membranes Diffusion Membranes are an arrangement of phospholipids that gather

Membranes, Membranes Diffusion Membranes are an arrangement of phospholipids that gather

Slide 1 / 74 Slide 2 / 74 Biology Membranes 2015-10-28 www.njctl.org Slide 3 / 74 Slide 4 / 74 Membranes Unit Topics Vocabulary Click on the topic to go to that section active transport integral protein Membranes, Diffusion carrier

480 views • 13 slides
Security Principles, Policies, and Tools CS 236 On-Line MS Program Networks and Systems

Security Principles, Policies, and Tools CS 236 On-Line MS Program Networks and Systems

Security Principles, Policies, and Tools CS 236 On-Line MS Program Networks and Systems Security Peter Reiher Lecture 2 Page 1 CS 236 Online Outline Security design principles Security policies Basic concepts Security

419 views • 12 slides
Experiences on how to p contact with end-users (policies and ISO security (policies and ISO

Experiences on how to p contact with end-users (policies and ISO security (policies and ISO

Experiences on how to p contact with end-users (policies and ISO security (policies and ISO security standards at campuses) p ) Brian OHora, BSc (Hons) & MBA Technology Management Information Systems Services, TCD TERENA E2E

325 views • 15 slides
Security Summer 2016 Cornell University 1 Today Security policies Enforcement

Security Summer 2016 Cornell University 1 Today Security policies Enforcement

CS 4410 Operating Systems Security Summer 2016 Cornell University 1 Today Security policies Enforcement Authenticating people Passwords 2 Security policy Security policies prescribe what must be done and what must not be

431 views • 13 slides
More Enforceable Security Policies by Lujo Bauer, Jarred Ligatti and David W alker Presented by

More Enforceable Security Policies by Lujo Bauer, Jarred Ligatti and David W alker Presented by

More Enforceable Security Policies by Lujo Bauer, Jarred Ligatti and David W alker Presented by Khoo Yit Phang April 21, 2008 To Build Secure Systems... 1.What sort of security policies can and should w e demand of our system? 2.What mechanism

325 views • 15 slides
Com puter Security - Part Three Last tim e Multilevel and multilateral security Threats

Com puter Security - Part Three Last tim e Multilevel and multilateral security Threats

Com puter Security - Part Three Last tim e Multilevel and multilateral security Threats Security policies Confidentiality Policies Policy The Bell-LaPadula Model Specification Integrity Policies The Biba

698 views • 49 slides
P systems with active membranes operating under minimal parallelism Pierluigi Frisco and Gordon

P systems with active membranes operating under minimal parallelism Pierluigi Frisco and Gordon

P systems with active membranes operating under minimal parallelism Pierluigi Frisco and Gordon Govan Summary: What it is all about P systems with active membranes Operating under minimal parallelism Using different sets of rules

614 views • 40 slides
P systems with elementary active membranes: Beyond NP and coNP Antonio E. Porreca Alberto

P systems with elementary active membranes: Beyond NP and coNP Antonio E. Porreca Alberto

P systems with elementary active membranes: Beyond NP and coNP Antonio E. Porreca Alberto Leporati Giancarlo Mauri Claudio Zandron Dipartimento di Informatica, Sistemistica e Comunicazione Universit degli Studi di Milano-Bicocca, Italy 11th

314 views • 28 slides
MEMBRANES: STRUCTURE AND FUNCTION TOPIC 4 1 BIOMEDICAL IMPORTANCE Plasma membranes- form

MEMBRANES: STRUCTURE AND FUNCTION TOPIC 4 1 BIOMEDICAL IMPORTANCE Plasma membranes- form

MEMBRANES: STRUCTURE AND FUNCTION TOPIC 4 1 BIOMEDICAL IMPORTANCE Plasma membranes- form closed compartments around cellular protoplasm to separate one cell from another Selective permeabilities- provided by channels and pumps for

431 views • 42 slides
Security Policies CS461/ECE422 Computer Security I Fall 2009 -1 Overview Natural language

Security Policies CS461/ECE422 Computer Security I Fall 2009 -1 Overview Natural language

Security Policies CS461/ECE422 Computer Security I Fall 2009 -1 Overview Natural language policies Example policies Implementation policies High level Low level -2 Reading Material Computer Security,

764 views • 40 slides
Advocating for Policies and Action From The Declaration of POS to The Global NCD Framework and

Advocating for Policies and Action From The Declaration of POS to The Global NCD Framework and

THE HEALTHY CARIBBEAN COALITION in collaboration with CARPHA and PAHO/WHO Presents STRENGTHENING HEALTH SYSTEMS, SUPPORTING NCD ACTION Advocating for Policies and Action From The Declaration of POS to The Global NCD Framework and Beyond: A

433 views • 17 slides
Simulating EXPSPACE Turing machines using P systems with active membranes Artiom Alhazov 1 , 2

Simulating EXPSPACE Turing machines using P systems with active membranes Artiom Alhazov 1 , 2

Simulating EXPSPACE Turing machines using P systems with active membranes Artiom Alhazov 1 , 2 Alberto Leporati 1 Giancarlo Mauri 1 Antonio E. Porreca 1 Claudio Zandron 1 1 Dipartimento di Informatica, Sistemistica e Comunicazione Universit

1.16k views • 66 slides
Company Overview 1 February 2010 Introduction BAE Systems is a global defence, security and

Company Overview 1 February 2010 Introduction BAE Systems is a global defence, security and

Company Overview 1 February 2010 Introduction BAE Systems is a global defence, security and aerospace company delivering a full range of products and services for air, land and naval forces, as well as advanced electronics, security,

390 views • 12 slides
Effective actions for fluids from holography and the membrane paradigm Natalia Pinzani Fokeeva

Effective actions for fluids from holography and the membrane paradigm Natalia Pinzani Fokeeva

Effective actions for fluids from holography and the membrane paradigm Natalia Pinzani Fokeeva University of Amsterdam Oxford, 25th November, 2014 based on hep-th: 1405.4243 and on 1411.xxxx with Jan de Boer and Michal P. Heller Effective

820 views • 37 slides
A Multi-Fluid Model of Membrane Formation by Phase-Inversion Douglas R. Tree 1 and Glenn

A Multi-Fluid Model of Membrane Formation by Phase-Inversion Douglas R. Tree 1 and Glenn

A Multi-Fluid Model of Membrane Formation by Phase-Inversion Douglas R. Tree 1 and Glenn Fredrickson 1 , 2 1 Materials Research Laboratory 2 Departments of Chemical Engineering and Materials University of California, Santa Barbara Society of

380 views • 36 slides
Membrane Computing: Power, Efficiency, Applications (A Quick Introduction) Gheorghe P aun

Membrane Computing: Power, Efficiency, Applications (A Quick Introduction) Gheorghe P aun

Membrane Computing: Power, Efficiency, Applications (A Quick Introduction) Gheorghe P aun Romanian Academy, Bucharest, RGNC, Sevilla University, Spain george.paun@imar.ro, gpaun@us.es Gh. P aun, Membrane Computing. Power, Efficiency,

675 views • 52 slides
Nitrogen- -Rejecting Membranes to Rejecting Membranes to Nitrogen Increase Gas Heating Value

Nitrogen- -Rejecting Membranes to Rejecting Membranes to Nitrogen Increase Gas Heating Value

Nitrogen- -Rejecting Membranes to Rejecting Membranes to Nitrogen Increase Gas Heating Value and Recover Pipeline Natural Gas: Increase Gas Heating Value and Recover Pipeline Natural Gas: A Simple Wellhead Process Approach A Simple Wellhead

172 views • 15 slides
Cell Communication Communication between cells requires: ligand : the signaling molecule receptor

Cell Communication Communication between cells requires: ligand : the signaling molecule receptor

Cell Communication Cell Communication Communication between cells requires: ligand : the signaling molecule receptor protein : the molecule to which the ligand binds (may be on the plasma membrane or within the cell) 1 Figure 9.1 Cell

169 views • 14 slides
r t

r t

tr t tr rr rr

533 views • 24 slides
2/4/16 Sim 1 February 3, 2016 Sim 1 Lab Results Extracellular recording

2/4/16 Sim 1 February 3, 2016 Sim 1 Lab Results Extracellular recording

2/4/16 Sim 1 February 3, 2016 Sim 1 Lab Results Extracellular recording Potential changes in response to a 0.1 n A current pu lse a t Potential changes in response

224 views • 6 slides
Euler lines, nine-point circles and integrable discretisation of surfaces via the laws of physics

Euler lines, nine-point circles and integrable discretisation of surfaces via the laws of physics

Euler lines, nine-point circles and integrable discretisation of surfaces via the laws of physics by W.K. Schief The University of New South Wales, Sydney ARC Centre of Excellence for Mathematics and Statistics of Complex Systems 0. The Euler

416 views • 18 slides

More recommend