CPL - Chalmers Publication Library

Enforcing Robust Declassification

Andrew Myers ; Andrei Sabelfeld (Institutionen för datavetenskap, ProSec) ; Steve Zdancewic
Proceedings of the 17th IEEE Computer Security Foundations Workshop / edited by Riccardo Focardi (1063-6900). p. 172--186. (2004)
[Conference paper, peer-reviewed]

Noninterference requires that there is no information flow from sensitive to public data in a given system. However, many systems perform intentional release of sensitive information as part of their correct functioning and therefore violate noninterference. To control information flow while permitting intentional information release, some systems have a downgrading or declassification mechanism. A major danger of such a mechanism is that it may cause unintentional information release. This paper shows that a robustness property can be used to characterize programs in which declassification mechanisms cannot be exploited by attackers to release more information than intended. It describes a simple way to provably enforce this robustness property through a type-based compile-time program analysis. The paper also presents a generalization of robustness that supports upgrading (endorsing) data integrity.

Keywords: Computer security, confidentiality, information flow, noninterference, security-type systems, security policies, declassification

This record was created 2006-12-19. Last modified 2015-12-17.
CPL Pubid: 1603



Departments (Chalmers)

Institutionen för datavetenskap, ProSec (2002-2004)


Information Technology
