Preface: Volume 32

Abstract

This volume contains papers from the DERA/RHUL Workshop on Secure Architectures and Information Flow, held at Royal Holloway, University of London, from December 1st to December 3rd, 1999.The purpose of the workshop was to gather together researchers interested in secure architectures and in particular those involved in the DERA Beacon programme “Future Security Requirements and Technologies”. The aim of this 3 year collaborative research programme is to investigate the impact of future and emerging technologies on secure systems.The first two days of the workshop were devoted to general issues of secure architectures whilst the third, final day was devoted to the topic of non-interference.Non-interference is a central concept in computer security for nearly two decades since Goguen and Meseguer first proposed the idea in 1982. It seeks to formalise the absence of any flow of information across an interface and so is clearly a key concept underlying any notion of confidentiality. It is still hotly debated both in the sense of what exactly it is and what role, if any, it should play in information security. There have been a number of theoretical advances of late on this topic but there remain a number of fundemental, open questions. It was thus timely to gather together some of the researchers active in this area to present these advances and discuss the open quesions.The workshop combined two workshop series: the third in a series hosted by Royal Holloway on secure architectures associated with the DERA Beacon project, and the third in a series on information flow held previously at Royal Holloway and at Leicester.There were in total 20 presentations during the three days of the workshop, many of them describing work in progress or work appearing elsewhere. Some of the papers presented are reproduced in this volume, others will be appearing elsewhere.The agenda was as follows:Security architecturesSteve Schneider and Peter RyanIntroductionUlrich Lang, CambridgeWhy the CORBA security service failsJorge Cuellar, SiemensVerification of an authentication and key agreement protocolVitaly Shmatikov, StanfordAnalysis of abuse-free contract signingRoberto Gorrieri, University of BolognaCoping with denial-of-service due to malicious Java AppletsCathy Meadows, NRLEmerging problems with sceurity protocol analysisVirginie Wiels CERT-ONERAElectronic Purse Security VerificationJoachim Posegga and Roger Kehr, Deutsche Telekom, IT Security ResearchPCA: Jini-based Personal Card Assistant — Security Issues in Spontaneous NetworkingVolkmar Lotz, SiemensFormally Defining Security Properties with Stream Processing FunctionsDieter Gollman, MS Research CambridgeOn the verification of security protocolsJoshua D. Guttman, The MITRE CorpPacket Filters and their Atoms: Local Behavior/Global Security PoliciesMichael Waidner, IBM Zurich and Birgit Pfitzmann, Universitat des SaarlandesCryptographic definitions of “secrecy”Ian Welch and Robert Stroud, Newcastle UniversitySupporting Real World Security Models in JavaGuenter Karjoth, IBM Research Centre ZurichJava 2 Authorization: Its Semantics and Expressive PowerYves Deswarte, LAAS and MS ResearchIntrusion tolerance and the MAFTIA ProjectThe theory of information flowPeter Ryan, DERAWelcome and IntroductionAndrei Sabelfeld, Chalmers University, SwedenProbabilistic Noninterference for Multi-threaded ProgramsBruno Dutertre, SRI Menlo ParkProbabilistic vs. nonprobabilistic security modelsPaul Gardiner, Laser Point SoftwarePower simulation and power bisimulationSteve Schneider, Royal HollowayA testing approach to non-interferencePeter Ryan, DERAPower-bisimulation and UnwindingRiccardo Focardi, University of VeniceNon-Interference and Security ProtocolsWe thank the Department of Computer Science at Royal Holloway for hosting this workshop, and particularly Janet Hales for her invaluable help in the local organisation of the workshop both in the weeks leading up to it and during the workshop itself, and Neil Evans, James Heather, and Helen Treharne for local help during the workshop. We would also like to the thank DERA for their funding the Beacon programme and this workshop in particular. We also thank the Managing Editors of the Electronic Notes in Theoretical Computer Science series, Mike Mislove, Maurice Nivat, and Christos Papadimitriou, for giving us the opportunity of publishing the proceedings of this workshop in this series, and particularly Mike Mislove for his support, encouragement, and advice during the preparation of this electronic volume.Steve Schneider and Peter Ryan, Guest Editors