Secure safe ambients


<i>Secure Safe Ambients</i> (SSA) are a typed variant of <i>Safe Ambients</i> [9], whose type system allows behavioral invariants of ambients to be expressed and verified. The most significant aspect of the type system is its ability to capture <i>both</i> explicit <i>and</i> implicit process and ambient behavior: process types account not only for immediate behavior, but also for the behavior resulting from capabilities a process acquires during its evolution in a given context. Based on that, the type system provides for static detection of security attacks such as <i>Trojan Horses</i> and other combinations of malicious agents.We study the type system of SSA, define algorithms for type checking and type reconstruction, define powerful languages for expressing security properties, and study a distributed version of SSA and its type system. For the latter, we show that distributed type checking ensures security even in ill-typed contexts, and discuss how it relates to the security architecture of the Java Virtual Machine.

DOI: 10.1145/360204.360223

Extracted Key Phrases

5 Figures and Tables


Citations per Year

105 Citations

Semantic Scholar estimates that this publication has 105 citations based on the available data.

See our FAQ for additional information.

Cite this paper

@inproceedings{Bugliesi2001SecureSA, title={Secure safe ambients}, author={Michele Bugliesi and Giuseppe Castagna}, booktitle={POPL}, year={2001} }