Security Policies as Membranes in Systems for Global Computing.
Vladimiro Sassone
Abstract
We propose a simple global computing framework whose main concern is
code migration. Systems are structured into sites, and each site is
split into two parts: a computing body, and a membrane that
regulates the interactions between the computing body and the
external environment.
More precisely, membranes are filters that control access to the
associated site, and they also rely on the well-established notions of
trust between sites and proof-carrying code.
We develop a basic theory to express and enforce security
policies via membranes. Initially, these only control the actions
incoming agents intend to perform locally.
We then tune the basic theory to encompass more sophisticated
policies, where the number of actions an agent wants to perform, and
also their order, are considered.