Who Can Declassify?

Authors:
Alexander Lux;Heiko Mantel
Affiliations:
Department of Computer Science, TU Darmstadt, Darmstadt, Germany 64289;Department of Computer Science, TU Darmstadt, Darmstadt, Germany 64289
Venue:
Formal Aspects in Security and Trust
Year:
2009

Citing 10
Cited 3

Protecting privacy using the decentralized label model

ACM Transactions on Software Engineering and Methodology (TOSEM)
A Per Model of Secure Information Flow in Sequential Programs

ESOP '99 Proceedings of the 8th European Symposium on Programming Languages and Systems
Probabilistic Noninterference for Multi-Threaded Programs

CSFW '00 Proceedings of the 13th IEEE workshop on Computer Security Foundations
Robust Declassification

CSFW '01 Proceedings of the 14th IEEE workshop on Computer Security Foundations
Dimensions and Principles of Declassification

CSFW '05 Proceedings of the 18th IEEE workshop on Computer Security Foundations
Enforcing robust declassification and qualified robustness

Journal of Computer Security - Special issue on CSFW17
Decentralized Robustness

CSFW '06 Proceedings of the 19th IEEE workshop on Computer Security Foundations
Transformational typing and unification for automatically correcting insecure programs

International Journal of Information Security
Controlling the what and where of declassification in language-based security

ESOP'07 Proceedings of the 16th European conference on Programming
On the rôle of abstract non-interference in language-based security

APLAS'05 Proceedings of the Third Asian conference on Programming Languages and Systems

Decentralized delimited release

APLAS'11 Proceedings of the 9th Asian conference on Programming Languages and Systems
Scheduler-Independent declassification

MPC'12 Proceedings of the 11th international conference on Mathematics of Program Construction
Required information release

Journal of Computer Security - CSF 2010

Quantified Score

Hi-index	0.00

Visualization

Abstract

Noninterference provides reliable guarantees for the confidentiality of sensitive information, but it is too restrictive if exceptions shall be permitted. Although many approaches to permitting and controlling exceptional information release have been proposed, the problem of declassification is not yet satisfactorily solved. The aim of our project is to provide adequate control for declassification in language-based security. The main contribution of this article is a novel approach for controlling who can initiate a declassification. Our contributions include a formal security condition and a sound approach to statically enforcing this condition. This article complements our earlier work on controlling where declassification can occur and what can be declassified.