Secure Composition of Untrusted Code: Wrappers and Causality Types

1 / 15

# Secure Composition of Untrusted Code: Wrappers and Causality Types - PowerPoint PPT Presentation

Secure Composition of Untrusted Code: Wrappers and Causality Types. Kyle Taylor. Introduction. Calculus Vs. Logic Vs. Algebra. Calculus Branch of mathematics that studies continuously changing properties Characterized by the use of infinite processes, involving passage to a limit Logic

I am the owner, or an agent authorized to act on behalf of the owner, of the copyrighted work described.

## PowerPoint Slideshow about 'Secure Composition of Untrusted Code: Wrappers and Causality Types' - allayna

An Image/Link below is provided (as is) to download presentation

Download Policy: Content on the Website is provided to you AS IS for your information and personal use and may not be sold / licensed / shared on other websites without getting consent from its author.While downloading, if for some reason you are not able to download a presentation, the publisher may have deleted the file from their server.

- - - - - - - - - - - - - - - - - - - - - - - - - - E N D - - - - - - - - - - - - - - - - - - - - - - - - - -
Presentation Transcript

### Secure Composition of Untrusted Code: Wrappers and Causality Types

Kyle Taylor

Calculus Vs. Logic Vs. Algebra
• Calculus
• Branch of mathematics that studies continuously changing properties
• Characterized by the use of infinite processes, involving passage to a limit
• Logic
• Systematic study of valid inference
• Necessitates a distinction between logical validity and truth
• Algebra
• Branch of mathematics concerned with operations on sets
• Find solutions to systems of equations
Pi Calculus
• Generalization of Calculus of Communicating Systems(CCS)
• Contains two entities
• Processes
• Channels
• Processes interact by by synchronous rendezvous on channels
• Basic Lotos is a combination of CCS and CSP
Boxed pi Calculus
• Based on unordered asynchronous message passing
• Turning Complete
• Includes a boxing primitive
• Communication across box boundaries is strictly limited
• Process terms can not be placed on the channel
• No primitives for the movement of boxes
• It is untyped
Syntax
• Names
• All combination of letters except reserved letters
• Values and Patterns
• Values u, v
• u ::= x
• v ::= <v1 .. v2>
• Pattern p
• p ::= _
• p ::= x
• p ::= <p1 .. p2>
Syntax Continued
• Process P
• P ::= n[P]
• P ::= P | P’
• P ::= xov
• P ::= xip.P
• P ::= !xip.P
• P ::= (v x) P
• Input tag i and output tag o can be *, , n
Semantics
• Operational Semantics
• describes the meaning of a programming language by specifying how it executes on an abstract machine
• Reduction Semantics
• Defines the internal computation of the processes
• Labeled semantics
• Inductively defined on process structure by a structural operational semantics (SOS)
Filtering Example
• alice[P] | !inalicex | !outalicex | !netalicex
• W1(_) def = (v a)( a[_] | B )
• B =!in x.inax | !outax.out x
• W1 prevents Q from accessing the network
• Assumes P=0 and Q=in x.net x
Filtering Example Continued
• inalicey | alice [P | W1(Q)]
• inalicey | alice[(v a)(a[Q] | B)]
• alice[in y | (v a)(a[Q] | B)]
• alice[(v a)(in y | a[Q] | B)]
• alice[(v a)(inay | a[Q] | B)]
• alice[(v a)(a[in y | Q] | B)]
• alice[(v a)(a[net y] | B)]
• alice[(v a)(netay | a[0] | B)]
Unidirectional-flow Wrapper
• Provides ordered asynchronous communication
• Eliminates the awkwardness of only using only unordered asynchronous communication while ensuring casual independence
• Necessitates the maintaining of an unbounded buffer
Colouring and Causal Flow
• The box pi calculus is extended to handle coloring
• Output processes are annotated with the sets of colours that record their histories
• The sets of principles that have effected them in the past
• Very simple colouring that only captures a limited amount of causality information
Causality Types
• The type system statically captures causal flows
• A wrapper can be shown to satisfy the causal flow property simply by checking that it is well-typed
Discussion
• Wrappers impose security policies on components for which it is impractical to analyze the internal structure
• Alternative policies
• Java style sand boxing
• Code signing
Conclusions
• Provided techniques for proving that software wrappers enforce user specified flow constraints
• Security is solely a function of causality