Information-Flow Security for Interactive Programs

14 years 5 months ago

Download www.cs.cornell.edu

Abstract. Interactive programs allow users to engage in input and output throughout execution. The ubiquity of such programs motivates the development of models for reasoning about their information-ﬂow security, yet no such models seem to exist for imperative programming languages. Further, existing language-based security conditions founded on noninteractive models permit insecure information ﬂows in interactive imperative programs. This paper formulates new information-ﬂow security conditions for a simple imperative programming language that includes input and output operators, and it encapsulates user behavior as strategies. The semantics of the language enables a ﬁne-grained approach to the resolution of nondeterministic choices. The security conditions leverage this approach to prohibit reﬁnement attacks while still permitting observable nondeterminism. Extending the language with probabilistic choice yields a corresponding deﬁnition of probabilistic noninterference. ...

Kevin R. O'Neill, Michael R. Clarkson, Stephen Cho

Real-time Traffic

CSFW 2006 | Imperative Programming Language | Information-ﬂow Security | Security Conditions | Security Privacy |

claim paper

Post Info
More Details (n/a)

Added	10 Jun 2010
Updated	10 Jun 2010
Type	Conference
Year	2006
Where	CSFW
Authors	Kevin R. O'Neill, Michael R. Clarkson, Stephen Chong

Comments (0)

Sciweavers

Information-Flow Security for Interactive Programs

CSFW 2006 | Imperative Programming Language | Information-ﬂow Security | Security Conditions | Security Privacy |

Explore & Download

Productivity Tools

Document Tools

Image Tools

Sciweavers