Confidentiality for mobile code: the case of a simple payment protocol

M. Dam, Pablo Giambiagi
Proceedings 13th IEEE Computer Security Foundations Workshop (CSFW-13), published 2000-07-03
DOI: 10.1109/CSFW.2000.856940 (https://doi.org/10.1109/CSFW.2000.856940)
Citations: 30

Abstract

We propose an approach to support confidentiality for mobile implementations of security-sensitive protocols using Java/JVM. An applet which receives and passes on confidential information onto a public network has a rich set of direct and indirect channels available to it. The problem is to constrain applet behaviour to prevent those leakages that are unintended while preserving those that are specified in the protocol. We use an approach based on the idea of correlating changes in observable behaviour with changes in input. In the special case where no changes in (low) behaviour are possible we retrieve a version of noninterference. Mapping our approach to JVM a number of particular concerns need to be addressed, including the use of object libraries for IO, the use of labelling to track input/output of secrets, and the choice of proof strategy. We use the bisimulation proof technique. To provide user feedback we employ a variant of proof-carrying code to instrument a security assistant which will let users of an applet inquire about its security properties such as the destination of data input into different fields.