CPL - Chalmers Publication Library

Gradual Release: Unifying Declassification, Encryption and Key Release Policies

Aslan Askarov (Department of Computer Science and Engineering, Computing Science (Chalmers)) ; Andrei Sabelfeld (Department of Computer Science and Engineering (Chalmers))
Proceedings of the IEEE Symposium on Security and Privacy (1081-6011). p. 207-227. (2007)
[Conference paper, peer-reviewed]

Information security has a challenge to address: enabling information-flow controls with expressive information release (or declassification) policies. Existing approaches tend to address some aspects of information release, exposing the other aspects for possible attacks. It is striking that these approaches fall into two mostly separate categories: revelation-based (as in information purchase, aggregate computation, moves in a game, etc.) and encryption-based declassification (as in sending encrypted secrets over an untrusted network, storing passwords, etc.). This paper introduces gradual release, a policy that unifies declassification, encryption, and key release policies. We model an attacker's knowledge by the sets of possible secret inputs as functions of publicly observable outputs. The essence of gradual release is that this knowledge must remain constant between releases. Gradual release turns out to be a powerful foundation for release policies, which we demonstrate by formally connecting revelation-based and encryption-based declassification. Furthermore, we show that gradual release can be provably enforced by security types and effects.



This record was created 2007-11-08. Last modified 2015-12-17.
CPL Pubid: 61480
