eprintid: 298
rev_number: 6
eprint_status: archive
userid: 32
dir: disk0/00/00/02/98
datestamp: 2011-05-24 10:15:37
lastmod: 2011-07-11 14:36:25
status_changed: 2011-05-24 10:15:37
type: article
metadata_visibility: show
item_issues_count: 0
creators_name: De Nicola, Rocco
creators_name: Gorla, Daniele
creators_name: Pugliese, Rosario
creators_id: r.denicola@imtlucca.it
creators_id:
creators_id:
title: Confining data and processes in global computing applications
ispublished: pub
subjects: QA75
divisions: CSA
full_text_status: none
keywords: Global computing; Formal methods; Type systems; Data secrecy
abstract: A programming notation is introduced that can be used for protecting secrecy and integrity of data in global computing applications. The approach is based on the explicit annotations of data and network nodes. Data are tagged with information about the allowed movements, network nodes are tagged with information about the nodes that can send data and spawn processes to them. The annotations are used to confine movements of data and processes. The approach is illustrated by applying it to three paradigmatic calculi for global computing, namely cKlaim (a calculus at the basis of cKlaim), (a distributed version of the [pi]-calculus) and Mobile Ambients Calculus. For all of these formalisms, it is shown that their semantics guarantees that computations proceed only while respecting confinement constraints. Namely, it is proven that, after successful static type checking, data can reside at and cross only authorised nodes. "Local" formulations of this property where only relevant subnets type check are also presented. Finally, the theory is tested by using it to model secure behaviours of a UNIX-like multiuser system.
date: 2006
date_type: published
publication: Science of Computer Programming
volume: 63
number: 1
publisher: Elsevier
pagerange: 57-87
id_number: 10.1016/j.scico.2005.07.013
refereed: TRUE
issn: 0167-6423
official_url: http://www.sciencedirect.com/science/article/pii/S0167642306001018
funders: This work has been partially supported by EU within FET — Global Computing initiative, projects MIKADO IST-2001-32222 and AGILE IST-2001-32747. The funding body is not responsible for any use that might be made of the results presented here.
citation: De Nicola, Rocco and Gorla, Daniele and Pugliese, Rosario Confining data and processes in global computing applications. Science of Computer Programming, 63 (1). pp. 57-87. ISSN 0167-6423 (2006)