We present an architecture and tools for verifying implementations of security protocols. Our implementations can run with both concrete and symbolic implementations of cryptographic algorithms. The concrete implementation is for production and ...

WS-SecurityPolicy is a declarative language for configuring web services security mechanisms. We describe a formal semantics for WS-SecurityPolicy and propose a more abstract language for specifying secure links between web services and their clients. ...

Distributed systems and applications are often expected to enforce high-level authorization policies. To this end, the code for these systems relies on lower-level security mechanisms such as digital signatures, local ACLs, and encrypted communications. ...

A precise characterization of those security policies enforceable by program rewriting is given. This also exposes and rectifies problems in prior work, yielding a better characterization of those security policies enforceable by execution monitors as ...

Boxed Ambients are a variant of Mobile Ambients that result from dropping the open capability and introducing new primitives for ambient communication. The new model of communication is faithful to the principles of distribution and location-awareness ...

Stack inspection is a security mechanism implemented in runtimes such as the JVM and the CLR to accommodate components with diverse levels of trust. Although stack inspection enables the fine-grained expression of access control policies, it has rather ...

Sufficient criteria are given for replacing all occurrences of the store argument in a Scott-Strachey denotational definition of a programming language by a single global variable. The criteria and transformation are useful for transforming denotational ...

The CIRCAL calculus is presented as a mathematical framework in which to describe and analyze concurrent systems, whether hardware or software.

The dot operator is used to compose CIRCAL descriptions, and it is this operator which permits the natural ...

Several fairly large sets of programming rules have been developed recently. It is natural to ask whether the process of developing such rule bases may converge. Having developed sets of rules for specific programming tasks and domains, will they be ...