A discussion on security typing and measurement for SOA
ACM SIGSOFT Software Engineering Notes
Paralocks: role-based information flow control and beyond
Proceedings of the 37th annual ACM SIGPLAN-SIGACT symposium on Principles of programming languages
Noninterference with dynamic security domains and policies
ASIAN'09 Proceedings of the 13th Asian conference on Advances in Computer Science: information Security and Privacy
Encoding secure information flow with restricted delegation and revocation in Haskell
Proceedings of the 1st annual workshop on Functional programming concepts in domain-specific languages
Hi-index | 0.00 |
Early work on security-typed languages required that legal information flows be defined statically. More recently, techniques have been introduced that relax these assumptions and allow policies to change at run-time. For example, the Rx language uses a policy language based on RT, a trust management framework for representing authorization policies. While Rx made significant strides toward the goal of allowing policy updates in security-typed languages, in this paper we observe that certain design choices of Rx violate the privacy and autonomy requirements of principals in trust management systems, thus making decentralized control over information difficult. To address these problems, we propose RTI, a new security-typed language. In addition to avoiding prior pitfalls, RTI's most distinguishing characteristic is that it supports fine-grained specification of security for dynamic policy. We also provide a proof of noninterference for RTI.