CPL - Chalmers Publication Library
| Utbildning | Forskning | Styrkeområden | Om Chalmers | In English In English Ej inloggad.

Securing interactive programs

Willard Rafnsson (Institutionen för data- och informationsteknik, Programvaruteknik (Chalmers)) ; Daniel Hedin (Institutionen för data- och informationsteknik, Programvaruteknik (Chalmers)) ; Andrei Sabelfeld (Institutionen för data- och informationsteknik, Programvaruteknik (Chalmers))
Proceedings of the Computer Security Foundations Symposium (1063-6900). p. 293-307. (2012)
[Konferensbidrag, refereegranskat]

This paper studies the foundations of information-flow security for interactive programs. Previous research assumes that the environment is total, that is, it must always be ready to feed new inputs into programs. However, programs secure under this assumption can leak the presence of input. Such leaks can be magnified to whole-secret leaks in the concurrent setting. We propose a framework that generalizes previous research along two dimensions: first, the framework breaks away from the totality of the environment and, second, the framework features fine-grained security types for communication channels, where we distinguish between the security level of message presence and message content. We show that the generalized framework features appealing compositionality properties: parallel composition of secure program results in a secure thread pool. We also show that modeling environments as strategies leads to strong compositionality: various types of composition (with and without scoping) follow from our general compositionality result. Further, we propose a type system that supports enforcement of security via fine-grained security types.

2012 IEEE 25th Computer Security Foundations Symposium, CSF 2012;Cambridge, MA;25 June 2012through27 June 2012

Den här publikationen ingår i följande styrkeområden:

Läs mer om Chalmers styrkeområden  

Denna post skapades 2012-10-23. Senast ändrad 2016-07-25.
CPL Pubid: 165026


Läs direkt!

Länk till annan sajt (kan kräva inloggning)

Institutioner (Chalmers)

Institutionen för data- och informationsteknik, Programvaruteknik (Chalmers)


Informations- och kommunikationsteknik
Data- och informationsvetenskap

Chalmers infrastruktur

Relaterade publikationer

Denna publikation ingår i:

Securing Interactive Systems