Information-Flow Control by Means of Security Wrappers for Active Object Languages with Futures
Published in | Secure IT Systems Vol. 12556; pp. 74 - 91 |
---|---|
Main Authors | , , |
Format | Book Chapter |
Language | English |
Published | Switzerland, Springer International Publishing AG, 2021, Springer International Publishing |
Series | Lecture Notes in Computer Science |
Subjects | |
Summary: | This paper introduces a run-time mechanism for preventing leakage of secure information in distributed systems. We consider a general concurrency language model where concurrent objects interact by asynchronous method calls and futures. The aim is to prevent leakage of secure information to low-level viewers. The approach is based on a notion of security wrappers, where a wrapper encloses an object or a component and controls its interactions with the environment. Our run-time system automatically adds a wrapper to an insecure component. The wrappers are invisible, such that a wrapped component and its environment are not aware of them.
The security policies of a wrapper are formalized based on a notion of security levels. At run-time, future components will be wrapped upon need, and objects of unsafe classes will be wrapped, using static checking to limit the number of unsafe classes and thereby reducing run-time overhead. We define an operational semantics and sketch a proof of non-interference. A service provider may use wrappers to protect its services in an insecure environment, and vice-versa: a system platform may use wrappers to protect itself from insecure service providers. |
---|---|
ISBN: | 9783030708511 3030708519 |
ISSN: | 0302-9743 1611-3349 |
DOI: | 10.1007/978-3-030-70852-8_5 |