Sciweavers

CCS
2004
ACM

Security policies for downgrading

14 years 5 months ago
Security policies for downgrading
A long-standing problem in information security is how to specify and enforce expressive security policies that control information flow while also permitting information release (i.e., declassification) where appropriate. This paper presents security policies for downgrading and a security type system that incorporates them, allowing secure downgrading of information through an explicit declassification operation. Examples are given showing that the downgrading policy language captures useful aspects of designer intent. These policies are connected to a semantic security condition that generalizes noninterference, and the type system is shown to enforce this security condition. Categories and Subject Descriptors: K.6.5 [Management of Computing and Information Systems]: Security and Protection General Terms: Security, Languages
Stephen Chong, Andrew C. Myers
Added 01 Jul 2010
Updated 01 Jul 2010
Type Conference
Year 2004
Where CCS
Authors Stephen Chong, Andrew C. Myers
Comments (0)