Lazy Mobile Intruders

Research output: Chapter in Book/Report/Conference proceedingArticle in proceedingsResearchpeer-review


We present a new technique for analyzing platforms that execute potentially malicious code, such as web-browsers, mobile phones, or virtualized infrastructures. Rather than analyzing given code, we ask what code an intruder could create to break a security goal of the platform. To avoid searching the infinite space of programs that the intruder could come up with (given some initial knowledge) we adapt the lazy intruder technique from protocol verification: the code is initially just a process variable that is getting instantiated in a demand-driven way during its execution. We also take into account that by communication, the malicious code can learn new information that it can use in subsequent operations, or that we may have several pieces of malicious code that can exchange information if they “meet”. To formalize both the platform and the malicious code we use the mobile ambient calculus, since it provides a small, abstract formalism that models the essence of mobile code. We provide a decision procedure for security against arbitrary intruder processes when the honest processes can only perform a bounded number of steps and without path constraints in communication. We show that this problem is NP-complete.
Original languageEnglish
Title of host publicationPrinciples of Security and Trust : Second International Conference, POST 2013, Held as Part of the European Joint Conferences on Theory and Practice of Software, ETAPS 2013, Rome, Italy, March 16-24, 2013. Proceedings
Publication date2013
ISBN (Print)978-3-642-36829-5
ISBN (Electronic)978-3-642-36830-1
Publication statusPublished - 2013
Event2nd Conference on Principles of Security and Trust (POST 2013) - Rome, Italy
Duration: 18 Mar 201319 Mar 2013


Conference2nd Conference on Principles of Security and Trust (POST 2013)
Internet address
SeriesLogical Methods in Computer Science

Fingerprint Dive into the research topics of 'Lazy Mobile Intruders'. Together they form a unique fingerprint.

Cite this