

Analysing the information flow properties of object-capability patterns


Toby Murray and Gavin Lowe

Oxford University Computing Laboratory


We consider the problem of detecting covert channels within security-enforcing object-capability patterns. Traditional formalisms for reasoning about the security properties of object-capability patterns require one to be aware, a priori, of all possible mechanisms for covert information flow that might be present within a pattern, in order to detect covert channels within it. We show how the CSP process algebra, and its model-checker FDR, can be applied to overcome this limitation.

BibTeX Entry

    doi              = {10.1007/978-3-642-12459-4_7},
    author           = {Toby Murray and Gavin Lowe},
    series           = {Lecture Notes in Computer Science},
    title            = {Analysing the Information Flow Properties of Object-Capability Patterns},
    volume           = {5983},
    year             = {2010},
    booktitle        = {International Workshop on Formal Aspect of Security and Trust (FAST)},
    pages            = {81--95},
    address          = {Eindhoven, The Netherlands}


Served by Apache on Linux on seL4.