We propose a new type discipline for the -calculus in which secure information ow is guaranteed by static type checking. Secrecy levels are assigned to channels and are controlled by subtyping. A behavioural notion of types capturing causality of actions plays an essential role for ensuring safe information ow in diverse interactive behaviours, making the calculus powerful enough to embed known calculi for type-based security. The paper introduces the core part of the calculus, presents its basic syntactic properties, and illustrates its use as a tool for programming language analysis by a sound embedding of a secure multi-threaded imperative calculus of Volpano and Smith. The embedding leads to a practically meaningful extension of their original type discipline.

Abstract not found

ation is to use digital signatures. Here you would verify a digital signature that is computed over the program using TrustMe's private key. But this is not much help in the scenario above. It merely provides you with confirmation that the program came from TrustMe so that they can be held accountable if some day you discover that the program did misbehave. By that time there is no telling how many "data warehouses" [13] already store the information. To appear in SIGACT News, 1998 But suppose we have a formal system, or logic, in which to reason about a program's ability to preserve privacy. Then our trust in a program could be based on the program itself, not on some digital signature for it. Further, depending on the logic, we might even have an algorithm for deciding whether programs have "privacy proofs" in the logic. And this in turn could lead to an efficient static program analyzer. All this req

. The notion of trust is presented as an important component in a security infrastructure for mobile agents. A trust model that can be used in tackling the aspect of protecting mobile agents from hostile platforms is proposed. We dene several trust relationships in our model, and present a trust derivation algorithm that can be used to infer new relationships from existing ones. An example of how such a model can be utilized in a practical system is provided. 1

hkvt99r @ ecs.soton.ac.u k

Originated in the 70's, security of computer systems became soon an essential requirement for many applications, especially in the last decade, due to the widespread diffusion of distributed systems and networks. Mobility is really shaping these systems, leading to new scenarios in which security problems become more and m ore urgent. The software executed on a computer needs not to be produced for it anymore, as it can also be downloaded from a server, somewhere on the net. Consequently , each computational environment offers a general and distributed platform to programs that can be concurrently executed by users either locally or remotely. This make s it mandatory to fix precise policies for access rights to obtain non-interference and the protection of private information. Moreover, it is necessary to face up to the heterogeneity of administration domains and untrustability of connections, due to geographic distribution: communications between nodes have to be guaranteed, both by making it possible to identify partners during the sessions and by preserving the secrecy and integrity of the data exchanged. To this end specifications for messa ge exchange, called security protocols, are defined on the basis of cryptographic algorithms. Even though carefully designed, protocols may have flaws, allowing malici ous agents or intruders to violate security. An intruder, gaining some control over the communication network, is able to intercept or forge or invent messages to conv ince agents to reveal sensitive information or to believe it is one of the legitimate agents in the session. Cryptography can minimize possible malicious effects.

The explosive development of computer networks and wireless network connections, especially new generations of personal digital assistants connectable to cellular phones, creates a need for new technologies. Users have discovered the benefits of accessing information all the time, but they are still confronted with the complexity of the network infrastructure, the different access protocols and the heterogeneity of, for example, Internet information sources. The currently used client-server paradigm in distributed systems is not suitable for mobile computing platforms, which are often disconnected from the network for long periods or faced with sudden connection failures. Mobile agents introduce a new approach to the architecture and implementation of distributed systems. Mobile agents are autonomous programs with persistent identity which move around a network of their own volition and can communicate with their environment and with other agents. Mobile agent systems use specialized ...

Mobile agents (MAs) have been proposed for de-centralized network management. This paper explains how Aglets, a Java open-source MA framework, not a proprietary system, can be used for secure network management, offering an alternative to or complementing SNMPv3 security. The solution prototyped is a hybrid environment where network management applications use MAs to interact locally with SNMP agents via the SNMP protocol. The implemented class libraries extend the security infrastructure of Aglets, by incorporating cryptographic functions through the Java Cryptography Extensions (JCEs). The extension enables data fields to be encrypted, while code is to be digitally signed. Legacy SNMPv1 and v2 enabled devices, with elementary security, can also be upgraded through this approach, which can effectively avoid a range of attacks. Consideration has been given to auxiliary functionality such as responding to SNMP traps, key distribution, logging, and secure clock synchronization.

Abstract: Even with attractive computational advantages, mobile agent technology has not developed its full potential due to various security issues. This paper proposes a method called Private Key Consignment to solve the problem of how to protect the data carried by mobile agents. It exploits new functionalities and mechanism provided by the trusted computing technology, and adopts both public key and symmetric key cryptographic means for data and key protection. The most notable feature of this method is that it protects the private key of the agent by consigning it to a tamper proof hardware, thus, enabling convenient and secure use of the private key. It provides a new scheme of mobile agents ’ data protection. Key words: private key consignment; mobile agent; trusted computing; TPM 1.

Abstract not found