
    A Confinement Criterion for Securely Executing Mobile Code

    Mobile programs, like applets, are not only ubiquitous but also potentially malicious. We study the case where mobile programs are executed by a host system in a secured environment, in order to control the accesses from mobile programs to local resources. The article deals with the following question: how can we ensure that the local environment is secure? We answer by giving a confinement criterion: if the type of the local environment satisfies it, then no mobile program can directly access a local resource. The criterion, which is type-based and hence decidable, is valid for a functional language with references. By proving its validity, we solve a conjecture stated by Leroy and Rouaix at POPL '98. Moreover, we show that the criterion cannot be weakened, by giving counter-examples for all the environment types that do not satisfy it, and that it is pertinent, by detailing the example of a specific security architecture. The main contribution of the article is the proof method, based on a language annotation that keeps track of code origin and that enables the study of the interaction frontier between the local code and the mobile code. The generalization of the method is finally discussed.

    Foundations of Information-Flow Control and Effects

    In programming language research, information-flow control (IFC) is a technique for enforcing a variety of security aspects, such as confidentiality of data, on programs. This Licentiate thesis makes novel contributions to the theory and foundations of IFC in the following ways: Chapter A presents a new proof method for showing the usual desired property of noninterference; Chapter B shows how to securely extend the concurrent IFC language MAC with asynchronous exceptions; and Chapter C presents a new and simpler language for IFC with effects, based on an explicit separation of pure and effectful computations.

    Formal analysis of security models for mobile devices, virtualization platforms and domain name systems

    In this thesis we investigate the security of security-critical applications, that is, applications in which a failure could produce unacceptable consequences. We consider three areas: mobile devices, virtualization platforms and domain name systems. The Java Micro Edition platform defines the Mobile Information Device Profile (MIDP) to facilitate the development of applications for mobile devices, such as cellular phones and personal digital assistants. In this work we first formally study and compare several variants of the security model specified by MIDP for accessing sensitive resources of a mobile device. Hypervisors allow multiple operating systems to run on shared hardware and offer a means to establish security and flexibility improvements for software systems. In this thesis we formalize a hypervisor model and establish (formally) that the hypervisor ensures isolation properties between the different operating systems on the platform, and that the requests of these systems are always attended to. We also prove that virtualized platforms are transparent, that is, that an operating system cannot distinguish whether it runs alone on the platform or together with other operating systems. The Domain Name System Security Extensions (DNSSEC) constitute a set of specifications that provide authentication and data-origin integrity assurance services for DNS data. Finally, we present a minimalist specification of a DNSSEC model that provides the foundations needed to formally establish and verify security properties related to the chain of trust of the DNSSEC tree. We develop all our formalizations in the Calculus of Constructions.

    Civil Gang Injunction Effects: The Perceptions of Residents and Neighbors of Their Safety

    This hermeneutic phenomenological study aimed to assess the general effectiveness of civil gang injunctions (CGIs) based on community members' perceptions of their safety in Los Angeles County, California. The theory that served as the foundation for this study was social disorganization, as interpreted by Shaw and McKay (1972). It helped to gauge how well community members understood their lived experiences and perceived the effects of injunctions on their safety. The following question guided this study: Do local citizens believe communities are safer and more secure when civil gang injunctions are used? Eight community members from two Los Angeles County cities were chosen using purposeful criterion and snowball sampling. One-on-one semistructured interviews were used to collect the data, and the researcher maintained reflective memos during the data analysis. The answer to the research question was both yes and no, and the application of social disorganization theory was both confirmed and disconfirmed. Safer neighborhoods served as confirmation of the social disorganization theory. Disconfirmation of the theory was indicated by gangs' internal and external disruption: disturbing gang relationships with the community and other gangs, and disrupting gang culture and family ties. The findings also revealed that CGIs should not have an unlimited term, because people can change and those placed on CGIs are hampered in their access to meaningful employment.

    Advances in Grid Computing

    This book approaches grid computing with a perspective on the latest achievements in the field, providing insight into current research trends and advances and presenting a large range of innovative research papers. The topics covered in this book include resource and data management, grid architectures and development, and grid-enabled applications. New ideas employing heuristic methods from swarm intelligence or genetic algorithms, and quantum encryption, are considered in order to explain two main aspects of grid computing: resource management and data management. The book also addresses aspects of grid computing that concern architecture and development, and includes a diverse range of applications for grid computing, including a possible human grid computing system, simulation of the fusion reaction, ubiquitous healthcare service provisioning and complex water systems.

    From Fine- to Coarse-Grained Dynamic Information Flow Control and Back, a Tutorial on Dynamic Information Flow

    This tutorial provides a complete and homogeneous account of the latest advances in fine- and coarse-grained dynamic information-flow control (IFC) security. Since the 70s, the programming language and the operating system communities have proposed different IFC approaches. IFC operating systems track information flows in a coarse-grained fashion, at the granularity of a process. In contrast, traditional language-based approaches to IFC are fine-grained: they track information flows at the granularity of program variables. For decades, researchers believed coarse-grained IFC to be strictly less permissive than fine-grained IFC -- coarse-grained IFC systems seem inherently less precise because they track less information -- and so granularity appeared to be a fundamental feature of IFC systems. We show that the granularity of the tracking system does not fundamentally restrict how precise or permissive dynamic IFC systems can be. To this end, we mechanize two mostly standard languages, one with a fine-grained dynamic IFC system and the other with a coarse-grained dynamic IFC system, and prove a semantics-preserving translation from each language to the other. In addition, we derive the standard security property of non-interference of each language from that of the other via our verified translation. These translations stand to have important implications on the usability of IFC approaches. The coarse- to fine-grained direction can be used to remove the label annotation burden that fine-grained systems impose on developers, while the fine- to coarse-grained translation shows that coarse-grained systems -- which are easier to design and implement -- can track information as precisely as fine-grained systems and provides an algorithm for automatically retrofitting legacy applications to run on existing coarse-grained systems.

    Designing Incentives Enabled Decentralized User Data Sharing Framework

    Data sharing practices are much needed to strike a balance between user privacy, user experience, and profit. Different parties collect user data, for example companies offering apps, social networking sites, and others, whose primary motive is an enhanced business model while giving optimal services to the end-users. However, the collection of user data is associated with serious privacy and security issues. The sharing platform also needs an effective incentive mechanism to realize transparent access to the user data while distributing fair incentives. The emerging literature on the topic includes decentralized data sharing approaches. However, there was no universal method to track who shared what, to whom, when, for what purpose and under what condition in a verifiable manner until recently, when distributed ledger technologies emerged as the most effective means for designing a decentralized peer-to-peer network. This Ph.D. research includes an engineering approach for specifying the operations for designing incentive-enabled and user-controlled data-sharing platforms. The thesis presents a series of empirical studies and proposes a novel blockchain- and smart-contract-based DUDS (Decentralized User Data Sharing) framework conceptualizing user-controlled data sharing practices. The DUDS framework supports immutability, authenticity, enhanced security, and trusted records, and is a promising means to share user data in various domains, including among researchers, customer data in e-commerce, tourism applications, etc. The DUDS framework is evaluated via performance analyses and user studies. The extended Technology Acceptance Model and a Trust-Privacy-Security Model are used to evaluate the usability of the DUDS framework. The evaluation uncovers the role of different factors affecting user intention to adopt data-sharing platforms.
    The results of the evaluation point to guidelines and methods for embedding privacy, user transparency, control, and incentives from the start in the design of a data-sharing framework, to provide a platform that users can trust to protect their data while allowing them to control it and share it in the ways they want.

    A Predictive and Causal-Comparative Study Examining Emotional Exhaustion, Workload, Surface Acting, and Inclusion on Managers

    The purpose of this quantitative, causal-comparative and predictive correlational design study is to examine how workload, surface acting, work group inclusion, and emotional exhaustion impact African-American and Caucasian American managers in domestic, white-collar roles. A critical variable is emotional exhaustion, which has been identified as a key characteristic and predictor of burnout in the workplace. While many current burnout studies have excluded underrepresented minorities and focused on job performance and job demands in human service industries, this study addresses relevant psychological workplace factors that have been associated with detrimental mental and physical conditions of underrepresented minorities: emotional dissonance and lack of inclusion. Such conditions impact organizational commitment, engagement, and job satisfaction. This has been a gap in the literature as well as a call for future studies. Four instruments were used to measure the variables workload, surface acting, work group inclusion and emotional exhaustion via an online survey: the workload subscale of the Areas of Worklife Survey, the surface acting subscale of the Emotional Labour Scale, the Work Group Inclusion Scale, and the emotional exhaustion subscale of the Maslach Burnout Inventory, respectively. The following paper provides an introduction, literature overview, method detail, and findings of the study. Using quota sampling and snowball sampling techniques, 146 participants were included in the study. Keywords: burnout, job demand, emotional dissonance, surface acting, emotional labo