CPL - Chalmers Publication Library
| Utbildning | Forskning | Styrkeområden | Om Chalmers | In English In English Ej inloggad.

A Principled Approach to Tracking Information Flow in the Presence of Libraries

Daniel Hedin (Institutionen för Data- och informationsteknik, Informationssäkerhet (Chalmers)) ; Alexander Sjösten (Institutionen för Data- och informationsteknik, Informationssäkerhet (Chalmers)) ; Frank Piessens ; Andrei Sabelfeld (Institutionen för Data- och informationsteknik, Informationssäkerhet (Chalmers))
Lecture Notes in Computer Science - Principles of Security and Trust - 6th International Conference, POST 2017 (0302-9743). Vol. 10204 (2017), p. 49-70.
[Konferensbidrag, refereegranskat]

There has been encouraging progress on information flow control for programs in increasingly complex programming languages, tracking the propagation of information from input sources to output sinks. Yet, programs are typically deployed in an environment with rich APIs and powerful libraries, posing challenges for information flow control when the code for these APIs and libraries is either unavailable or written in a different language. This paper presents a principled approach to tracking information flow in the presence of libraries. With the goal to strike the balance between security and precision, we present a framework that explores the middle ground between the “shallow”, signature-based modeling of libraries and the “deep”, stateful approach, where library models need to be supplied manually. We formalize our approach for a core language, extend it with lists and higher-order functions, and establish soundness results with respect to the security condition of noninterference.

Nyckelord: language-based security, information flow, noninterference



Den här publikationen ingår i följande styrkeområden:

Läs mer om Chalmers styrkeområden  

Denna post skapades 2017-04-16. Senast ändrad 2017-06-28.
CPL Pubid: 248858

 

Läs direkt!


Länk till annan sajt (kan kräva inloggning)