Secrecy for mobile implementations of security protocols

Abstract: Mobile code technology offers interesting possibilities tothe practitioner, but also raises strong concerns aboutsecurity. One aspect of security is secrecy, the preservationof confidential information. This thesis investigates themodelling, specification and verification of secrecy in mobileapplications which access and transmit confidential informationthrough a possibly compromised medium (e.g. the Internet).These applications can be expected to communicate secretinformation using a security protocol, a mechanism to guaranteethat the transmitted data does not reach unauthorizedentities.The central idea is therefore to relate the secrecyproperties of the application to those of the protocol itimplements, through the definition of a "confidential protocolimplementation" relation. The argument takes an indirect form,showing that a confidential implementation transmits secretdata only in the ways indicated by the protocol. We define theimplementation relation using labelled transition semantics,bisimulations and relabelling functions. To justify itstechnical definition, we relate this property to a notion ofnoninterference for nondeterministic systems derived fromCohen?s definition of Selective Independency. We alsoprovide simple and local conditions that greatly simplify itsverification, and report on our experiments on an architectureshowing how the proposed formulations could be used in practiceto enforce secrecy of mobile code.