Secure Composition of Insecure Components

14 years 3 months ago

Download www.cs.purdue.edu

Software systems are becoming heterogeneous: instead of a small number of large programs from well-established sources, a user's desktop may now consist of many smaller components that interact in intricate ways. Some components will be downloaded from the network from sources that are only partially trusted. A user would like to know that a number of security properties hold, e.g. that personal data is not leaked to the net, but it is typically infeasible to verify that such components are well-behaved. Instead, they must be executed in a secure environment, or wrapper, that provides fine-grain control of the allowable interactions between them, and between components and other system resources. In this paper we study such wrappers, focusing on how they can be expressed in a way that enables their security properties to be stated and proved rigorously. We introduce a model programming language, the box- calculus, that supports composition of software components and the enforceme...

Peter Sewell, Jan Vitek

Real-time Traffic

CSFW 1999 | Security Privacy | Security Properties | Smaller Components | Well-established Sources |

claim paper

Post Info
More Details (n/a)

Added	02 Aug 2010
Updated	02 Aug 2010
Type	Conference
Year	1999
Where	CSFW
Authors	Peter Sewell, Jan Vitek

Comments (0)

Sciweavers

Secure Composition of Insecure Components

CSFW 1999 | Security Privacy | Security Properties | Smaller Components | Well-established Sources |

Explore & Download

Productivity Tools

Document Tools

Image Tools

Sciweavers