Karl N. Levitt
CNS Division of Computer and Network Systems
CSE Directorate for Computer & Information Science & Engineering
Start Date:
April 1, 2004
Expires:
March 31, 2009 (Estimated)
Awarded Amount to Date:
$407806
Investigator(s):
James Riely jriely@cs.depaul.edu (Principal Investigator)
Sponsor:
DePaul University
1 East Jackson Boulevard
Chicago, IL 60604 312/341-8000
NSF Program(s):
ADVANCED NET INFRA & RSCH
Field Application(s):
0000912 Computer Science
Program Reference Code(s):
HPCC,9216,7254,2802,1667,1187,1045
Program Element Code(s):
4090
ABSTRACT
0347542
CAREER: Type Systems for Secure Code Migration
James Riely
Distributed systems increasingly rely on forms of code migration, such as client-side scripting, downloaded plugins, application service providers, and networked class loading. In executing migrating code, trust becomes an important issue: why should a host trust some newly arrived code to run locally? And why should a migrating agent trust the host where it is now running? One part of a trust architecture can be the use of type-checking: a host trusts a newly arrived agent if it can type-check it.
This project uses semantic techniques to provide a formal basis for trust issues in distributed object-oriented systems with code migration. The formal models are a basis for a prototype language implementation that provides a secure infrastructure for distributed application development. The following issues are addressed: foundations of distributed objects, security properties of code migration, and code migration to hostile hosts.
Work on object foundations brings together research on the semantics of class-based and aspect-oriented languages and distributed process-calculi. Work on security properties focuses on the problem of untrusted migrating agents: when can a host trust a newly arrived agent? The problems are formalized using type systems incorporating trust and models of encryption and digital signatures in order to transmit trust across the network.
Work on hostile hosts addresses the other side of the coin: when can a mobile agent trust the host it is running on? If the host has been compromised, then the results of running the agent cannot be trusted. However, a notion of partial trust may be developed, again using encryption and digital signatures.
PUBLICATIONS PRODUCED AS A RESULT OF THIS RESEARCH
(Showing: 1 - 9 of 9).
Andrew Cirillo and James Riely. "Access Control Based on Code Identity for Open Distributed Systems," Trustworthy Global Computing, 2007.
Bruns, G; Jagadeesan, R; Jeffrey, A; Riely, J. "mu ABC: A minimal aspect calculus," CONCUR 2004 - CONCURRENCY THEORY, PROCEEDINGS, v.3170, 2004, p. 209-224.
Jagadeesan, R; Jeffrey, A; Pitcher, C; Riely, J. "lambda-RBAC: Programming with role-based access control," AUTOMATA, LANGUAGES AND PROGRAMMING, PT 2, v.4052, 2006, p. 456-467.
Jagadeesan, R; Jeffrey, A; Riely, J. "A calculus of untyped aspect-oriented programs," ECOOP 2003 - OBJECT-ORIENTED PROGRAMMING, PROCEEDINGS, v.2743, 2003, p. 54-73.
Jagadeesan, R; Jeffrey, A; Riely, J. "Typed parametric polymorphism for aspects," SCIENCE OF COMPUTER PROGRAMMING, v.63, 2006, p. 267-296.
P. Hui and J. Riely. "Temporal Aspects as Security Automata," Foundations of Aspect-Oriented Languages (FOAL), 2006, p. 19.
Pitcher, C; Riely, J. "Dynamic policy discovery with remote attestation," FOUNDATIONS OF SOFTWARE SCIENCE AND COMPUTATION STRUCTURES, PROCEEDINGS, v.3921, 2006, p. 111-125.
R. Jagadeesan, C. Pitcher and J. Riely. "Open Bisimulation for Aspects," International Conference on Aspect-Oriented Software Development (AOSD), 2007.
Riely, J; Hennessy, M. "Trust and partial typing in open systems of mobile agents," JOURNAL OF AUTOMATED REASONING, v.31, 2003, p. 335-370.