Sandboxing in myKlaim

René Rydhof Hansen, Christian W. Probst, Flemming Nielson

    Research output: Chapter in Book/Report/Conference proceedingArticle in proceedingsResearchpeer-review

    446 Downloads (Pure)


    The μKlaim calculus is a process algebra designed to study the programming of distributed systems consisting of a number of locations each having their own tuple space and collection of mobile processes. Previous work has explored how to incorporate a notion of capabilities to be enforced dynamically by means of a reference monitor. Our first contribution is to describe a sandboxing semantics for the remote evaluation of mobile code; we then develop a succinct flow logic for statically guaranteeing the properties enforced by the reference monitor and hence for dispensing with the overhead of a dynamic reference monitor. Our second contribution is an extension of the calculus to interact with an environment; processes enter the system from the environment and we develop an entry-condition that is sufficient for ensuring that the resulting system continues to guarantee the properties that would otherwise need to be dynamically enforced by the reference monitor. We call the resulting calculus myKlaim.
    Original languageEnglish
    Title of host publicationThe First International Conference on Availability, Reliability and Security, 2006. ARES 2006.
    Publication date2006
    ISBN (Print)0-7695-2567-9
    Publication statusPublished - 2006
    EventThe First International Conference on Availability, Reliability and Security - Vienna, Austria
    Duration: 20 Apr 200622 Apr 2006
    Conference number: 1


    ConferenceThe First International Conference on Availability, Reliability and Security

    Bibliographical note

    Copyright: 2006 IEEE. Personal use of this material is permitted. However, permission to reprint/republish this material for advertising or promotional purposes or for creating new collective works for resale or redistribution to servers or lists, or to reuse any copyrighted component of this work in other works must be obtained from the IEEE


    Dive into the research topics of 'Sandboxing in myKlaim'. Together they form a unique fingerprint.

    Cite this