Controlling Data Movement in Global Computing Applications
Abstract
We present a programming notation aiming at protecting the secrecy of both host and agent data in global computing applications. The approach exploits annotations with sets of node addresses, called regions. A datum can be annotated with a region that specifies the network nodes that are allowed to interact with it. Network nodes come equipped with two region annotations specifying the nodes that can send data and spawn processes over them. The language semantics guarantees that computation proceeds according to these region constraints. To minimize the overhead of runtime checks, a static compilation phase is exploited. The proposed approach is largely independent of a specific programming language; however, to put it in concrete form, here we focus on its integration within the process language muKlaim. We prove that in compiled muKlaim nets, data can be manipulated only by authorized users. We also give a more local formulation of this property, where only a subnet is compiled. Finally, we use our theory to model the secure behaviour of a UNIX-like multiuser system.
@InProceedings\{gorla.pugliese:controlling-data-movement,
author = \{D. Gorla and R. Pugliese},
title = \{Controlling Data Movement in Global Computing Applications},
booktitle = \{Proc. of 19th Annual ACM-SIGAPP Symposium on Applied Computing (SAC 04)},
year = \{2004},
publisher = \{ACM Press},
url = \{http://mikado.di.fc.ul.pt/repository/gorla.pugliese_controlling-data-movement.pdf}
}
About this site. Last modified: Thu Apr 18 10:25:15 CEST 2024