Sophia Drossopoulou
Mark S. Miller
ABSTRACT
Contemporary open systems use components developed by many different parties, linked together dynamically in unforeseen constellations. Code needs to live up to strict security specifications: it has to ensure the correct functioning of its objects when they collaborate with external objects which may be malicious.
In this paper we propose specifications that model risk and trust in such open systems. We specify Miller, Van Cutsem, and Tulloh's escrow exchange example, and discuss the meaning of such a specification. We argue informally that the code satisfies its specification.
- A. Abdul-Rahman and S. Halles. A distributed trust model. In New Security Paradigms Wkshp., 1988. Langdale, Cumbria.Google Scholar
- K. Aberer and Z. Despotovic. Managing trust in a peer-2-peer information system. In CKIM, 2001. Google ScholarDigital Library
- A. Aldini. A calculus for trust and reputation systems. In IFIPTM, 2014.Google ScholarCross Ref
- D. Artz and Y. Gil. A survey of trust in computer science and the semantic web. Journal of Web Semantics, 2007. Google ScholarDigital Library
- K. Bhargavan, A. Delignat-Lavaud, and S. Maffeis. Language-based defenses against untrusted browser origins. In USENIX Security, 2013. Google ScholarDigital Library
- Cahill et al. Using trust for secure collaboration in uncertain environments. Pervasive Computing, July 2003. Google ScholarDigital Library
- M. Carbone, M. Nielsen, and V. Sassone. A formal model for trust in dynamic networks. In SEFM, 2003.Google ScholarCross Ref
- J.-H. Cho and K. S. Shan. Building trust-based sustainable networks. IEEE Tech. and Soc., Summer, 2013.Google ScholarCross Ref
- J.-H. Cho, A. Swami, and I.-R. Chen. A survey on trust management for mobile ad hoc networks. IEEE Comms. Surv. & Tuts., 13(4), 2011.Google Scholar
- J. B. Dennis and E. C. V. Horn. Programming Semantics for Multiprogrammed Computations. Comm. ACM, 9(3), 1966. Google ScholarDigital Library
- C. Dimoulas, S. Moore, A. Askarov, and S. Chong. Declarative policies for capability control. In Computer Security Foundations Symposium, 2014. Google ScholarDigital Library
- M. Dodds, X. Feng, M. Parkinson, and V. Vafeiadis. Deny-guarantee reasoning. In ESOP. Springer, 2009. Google ScholarDigital Library
- S. Drossopoulou and J. Noble. The need for capability policies. In FTfJP, 2013. Google ScholarDigital Library
- S. Drossopoulou and J. Noble. How to break the bank: Semantics of capability policies. In iFM, 2014.Google Scholar
- S. Drossopoulou and J. Noble. Towards capability policy specification and verification, May 2014. ecs.victoria-.ac.nz/Main/TechnicalReportSeries.Google Scholar
- Y. Gil and D. Artz. Towards Content Trust of Web Resources. IWeb Semantics: Science, Services and Agents on the World Wide Web, 2007. Google ScholarDigital Library
- L. Gu, J. Wang, and B. Sun. Trust management mechsnism for internet of things. China Communications, Feb. 2014.Google Scholar
- S. M. Habib and M. M. Sebastian Ries and. Towards a trust management system for cloud computing. In TrustCom, 2011. Google ScholarDigital Library
- J. Huang and D. M. Nicol. A formal-semantics-based calculus of trust. IEEE INTERNET COMPUTING, 2010. Google ScholarDigital Library
- R. Karim, M. Dhawan, V. Ganapathy, and C.-C. Shan. An Analysis of the Mozilla Jetpack Extension FrameworK. In ECOOP, Springer, 2012. Google ScholarDigital Library
- B. Lampson, M. Abadi, M. Burrows, and E. Wobbler. Authentication in Distributed Systems: Theory and Practice. ACM TOCS, (4):265--310, 1992. Google ScholarDigital Library
- B. S. Lerner, L. Elberty, N. Poole, and S. Krishnamurthi. Verifying web browser extensions' compliance with private-browsing mode. In European Symposium on Research in Computer Security (ESORICS), Sept. 2013.Google ScholarCross Ref
- S. Maffeis, J. Mitchell, and A. Taly. Object capabilities and isolation of untrusted web applications. In Proc of IEEE Security and Privacy, 2010. Google ScholarDigital Library
- R. Merrill. focal: new conversational language. DEC, 1969. homepage.cs.uiowa.edu/~jones/pdp8/focal/-focal69.html.Google Scholar
- M. Merro and E. Sibilio. A calculus of trustworthy ad hoc networks. Formal Aspects of Computing, page 25, 2013.Google Scholar
- M. S. Miller. Robust Composition: Towards a Unified Approach to Access Control and Concurrency Control. PhD thesis, Baltimore, Maryland, 2006. Google ScholarDigital Library
- M. S. Miller, T. V. Cutsem, and B. Tulloh. Distributed electronic rights in JavaScript. In ESOP, 2013. Google ScholarDigital Library
- M. S. Miller, C. Morningstar, and B. Frantz. Capability-based financial instruments: From object to capabilities. In Financial Cryptography. Springer, 2000. Google ScholarDigital Library
- M. S. Miller, M. Samuel, B. Laurie, I. Awad, and M. Stay. Safe active content in sanitized JavaScript. code.google.com/p/google-caja/.Google Scholar
- J. H. Morris Jr. Protection in programming languages. CACM, 16(1), 1973. Google ScholarDigital Library
- T. Murray and G. Lowe. Analysing the information flow properties of object-capability patterns. In FAST, LNCS, 2010. Google ScholarDigital Library
- J. Noble and S. Drossopoulou. Rationally reconstructing the escrow example. In FTfJP, 2014. Google ScholarDigital Library
- G. Norcie, E. D. Cristofaro, and V. Bellotti. Bootstrapping trust in online dating: Social verification of online dating profiles. In Financial Cryptography and Data Security, 2013.Google ScholarCross Ref
- J. G. Politz, S. A. Eliopoulos, A. Guha, and S. Krishnamurthi. Adsafety: Type-based verification of JavaScript sandboxing. In USENIX Security, 2011. Google ScholarDigital Library
- G. Primiero and M. Taddeo. A modal type theory for formalizing trusted communications. J. Applied Logic, 10, 2012. Google ScholarDigital Library
- S. Ries, S. M. Habib, M. M. Sebastian Ries and, and V. Varadharajan. Certainlogic: A logic for modeling trust and uncertainty. In TRUST, 2011. LNCS 6740. Google ScholarDigital Library
- Roberto Carbone et al. Towards formal validation of trust and security in the internet of services. In Future Internet Assembly, 2001. LNCS 6656.Google Scholar
- Solhaug and Stølen. Uncertainty, subjectivity, trust and risk: How it all fits together. In STM, 2011. Google ScholarDigital Library
- A. Taly, U. Erlingsson, J. C. Mitchell, M. S. Miller, and J. Nagra. Automated Analysis of Security-Critical JavaScript APIs. In SOSP, 2011. Google ScholarDigital Library
- The Swapsies. Got Got Need. In 5: A February Records Anniversary Compilation. February Records, 2015.Google Scholar
- M. Walterbusch, B. Martens, and F. Teuteberg. Exploring trust in cloud computing: A multimethod approach. In ECIS, page 145, 2013.Google Scholar
Index Terms
- Swapsies on the Internet: First Steps towards Reasoning about Risk and Trust in an Open World
Recommendations
A study on the acceptance of internet banking
ICETC '18: Proceedings of the 10th International Conference on Education Technology and ComputersInternet banking expected to ease commercial transactions and uplift satisfactory services. Studies affirmed internet banking in Nigeria is low compared with other e-banking systems. This study analyzed mediation role of trust in technology, theory of ...
Comments