DocumentCode :
1825479
Title :
Sandboxing in myKlaim
Author :
Hansen, René Rydhof ; Probst, Christian W. ; Nielson, Flemming
Author_Institution :
Informatics & Math. Modelling, Tech. Univ. Denmark, Lyngby, Denmark
fYear :
2006
fDate :
20-22 April 2006
Abstract :
The μKlaim calculus is a process algebra designed to study the programming of distributed systems consisting of a number of locations, each with its own tuple space and collection of mobile processes. Previous work has explored how to incorporate a notion of capabilities to be enforced dynamically by means of a reference monitor. Our first contribution is to describe a sandboxing semantics for the remote evaluation of mobile code; we then develop a succinct flow logic for statically guaranteeing the properties enforced by the reference monitor and hence for dispensing with the overhead of a dynamic reference monitor. Our second contribution is an extension of the calculus to interact with an environment: processes enter the system from the environment, and we develop an entry condition that is sufficient for ensuring that the resulting system continues to guarantee the properties that would otherwise need to be dynamically enforced by the reference monitor. We call the resulting calculus myKlaim.
Keywords :
authorisation; distributed programming; open systems; process algebra; programming language semantics; control flow analysis; distributed programming; distributed system; mobile code; mobile process; myKlaim calculus; process algebra; reference monitor; sandboxing semantics; tuple space; Algebra; Calculus; Informatics; Logic; Mathematical model; Mathematical programming; Mobile computing; Process design; Remote monitoring; Security;
fLanguage :
English
Publisher :
ieee
Conference_Titel :
Availability, Reliability and Security, 2006. ARES 2006. The First International Conference on
Print_ISBN :
0-7695-2567-9
Type :
conf
DOI :
10.1109/ARES.2006.115
Filename :
1625308