Information flow security in dynamic contexts

摘要

We study information flow security in the setting of mobile agents. We propose a sufficient condition to security named Persistent_BNDC. A process is Persistent_BNDC when every of its reachable states satisfies a basic Non-interference property called BNDC. By imposing that security persists during process execution, one is guaranteed that every potential migration is performed in a stable, secure state. We define a suitable bisimulation-based equivalence relation among processes, that allows us to express the new property as a single equivalence check, thus avoiding the universal quantifications over all the reachable states (required by Persistent_BNDC) and over all the possible hostile environments (implicit in the basic Non-interference property BNDC). We prove that Persistent_BNDC is a sufficient condition to the security of mobile agents by (ⅰ) giving a sound and complete characterization of Persistent_BNDC in terms of dynamic contexts, i.e., execution contexts that can non-deterministically change at run-time, abstractly modelling arbitrary migrations; (ⅱ) showing that Persistent_BNDC implies information flow security when agent mobility is explicitly expressed in the calculus.