A Semantic Framework for Declassification and Endorsement

14 years 2 months ago

Download www.cs.cornell.edu

Language-based information flow methods offer a principled way to enforce strong security properties, but enforcing noninterference is too inflexible for realistic applications. Security-typed languages have therefore introduced declassification mechanisms for relaxing confidentiality policies, and endorsement mechanisms for relaxing integrity policies. However, a continuing challenge has been to define what security is guaranteed when such mechanisms are used. This paper presents a new semantic framework for expressing security policies for declassification and endorsement in a language-based setting. The key insight is that security can be described in terms of the power that declassification and endorsement give the attacker. The new framework specifies how attackercontrolled code affects program execution and what the attacker is able to learn from observable effects of this code. This approach yields novel security conditions for checked endorsements and robust integrity. The fram...

Aslan Askarov, Andrew Myers

Real-time Traffic

Declassification | ESOP 2010 | Programming Languages | Security | Security Conditions |

claim paper

Post Info
More Details (n/a)

Added	02 Sep 2010
Updated	02 Sep 2010
Type	Conference
Year	2010
Where	ESOP
Authors	Aslan Askarov, Andrew Myers

Comments (0)

Sciweavers

A Semantic Framework for Declassification and Endorsement

Declassification | ESOP 2010 | Programming Languages | Security | Security Conditions |

Explore & Download

Productivity Tools

Document Tools

Image Tools

Sciweavers