Communicating and mobile systems: the &pgr;-calculus
Communicating and mobile systems: the &pgr;-calculus
A sound type system for secure flow analysis
Journal of Computer Security
Distributed processes and location failures
Theoretical Computer Science
An Asynchronous Model of Locality, Failurem and Process Mobility
COORDINATION '97 Proceedings of the Second International Conference on Coordination Languages and Models
The Fusion Calculus: Expressiveness and Symmetry in Mobile Processes
LICS '98 Proceedings of the 13th Annual IEEE Symposium on Logic in Computer Science
Cyber Physical Systems: Design Challenges
ISORC '08 Proceedings of the 2008 11th IEEE Symposium on Object Oriented Real-Time Distributed Computing
Boolean satisfiability from theoretical hardness to practical success
Communications of the ACM - A Blind Person's Interaction with Technology
Unifying facets of information integrity
ICISS'10 Proceedings of the 6th international conference on Information systems security
Satisfiability modulo theories: introduction and applications
Communications of the ACM
Computer Security
Assumptions and Guarantees for Compositional Noninterference
CSF '11 Proceedings of the 2011 IEEE 24th Computer Security Foundations Symposium
Basic observables for a calculus for global computing
ICALP'05 Proceedings of the 32nd international conference on Automata, Languages and Programming
| Hi-index | 0.00 |
Safety and security are both needed for ensuring that cyber-physical systems live up to expectations, but often an intelligent trade-off is called for, because sometimes it is impossible to obtain optimal safety at the same time as optimal security. In the context of the Quality Calculus we develop a type system for checking the extent to which safety and security goals have been met. Safety goals include showing that certain error configurations are in fact not reachable and hence do not require intelligent error handling. Security goals include showing that highly trusted communications can only be performed in highly trusted contexts. This is potentially too demanding and the Quality Calculus is therefore extended with a primitive for endorsing data to a higher trust level (accepting violations of the explicit flow) and for temporarily asserting a higher trust in the context (accepting violations of the implicit flow). This is illustrated on a worked example taken from the automotive sector and we conclude with a discussion of the theoretical properties of the type system.