
Editorial
Select search scope: search across all journals or within the current journal

We consider the problem of defining the information leakage in interactive systems where secrets and observables can alternate during the computation. We show that the information-theoretic approach which interprets such systems as (simple) noisy channels is no longer valid. However, the principle can be recovered if we consider channels of a more complicated kind, that in Information Theory are known as channels with memory and feedback. We show that there is a complete correspondence between interactive systems and such channels. Furthermore, we show that the capacity of the channels associated to such systems is a continuous function with respect to a pseudometric based on the Kantorovich metric.
Runtime enforcement is a common mechanism for ensuring that program executions adhere to constraints specified by a security policy. It is based on two simple ideas: the enforcement mechanism should leave good executions without changes (transparency) and make sure that the bad ones got amended (soundness). From the theory side, a number of papers (Hamlen et al., Ligatti et al., Talhi et al.) provide the precise characterization of good executions that can be captured by a security policy and thus enforced by mechanisms like security automata or edit automata.
Unfortunately, transparency and soundness do not distinguish what happens when an execution is actually bad (the practical case). They only tell that the outcome of enforcement mechanism should be “good” but not how far the bad execution should be changed. So we cannot formally distinguish between an enforcement mechanism that makes a small change and one that drops the whole execution.
In this paper we explore a set of policies called iterative properties that revises the notion of good executions in terms of repeated iterations. We propose an enforcement mechanism that can deal with bad executions (and not only the good ones) in a more predictable way by eliminating bad iterations.
Service Oriented Computing (SOC) is a programming paradigm aiming at characterising Service Networks. Services are entities waiting for requests from clients and they often result from the composition of many (sub-)services.
We address here the problem of statically guaranteeing security of open services, i.e., services with unknown components. Security constraints are expressed by policies that service components must obey.
We present here a type and effect system that safely over-approximates the possible run-time behaviour of open services, collecting partial information on the behaviour of their components. From such an approximation, we then extract a (partial) plan that drives executions of an open system that raises no security violations when plugged in any context.