Handling dynamic information release

Authors:
Li Jiang;Lingdi Ping;Xuezeng Pan
Affiliations:
College of Computer Science and Technology, Zhejiang University, China;College of Computer Science and Technology, Zhejiang University, China;College of Computer Science and Technology, Zhejiang University, China
Venue:
ICISC'07 Proceedings of the 10th international conference on Information security and cryptology
Year:
2007

Citing 12
Cited 0

The SLam calculus: programming with secrecy and integrity

POPL '98 Proceedings of the 25th ACM SIGPLAN-SIGACT symposium on Principles of programming languages
Secure Information Flow via Linear Continuations

Higher-Order and Symbolic Computation
What is Intransitive Noninterference?

CSFW '99 Proceedings of the 12th IEEE workshop on Computer Security Foundations
Abstract non-interference: parameterizing non-interference by abstract interpretation

Proceedings of the 31st ACM SIGPLAN-SIGACT symposium on Principles of programming languages
Enforcing Robust Declassification

CSFW '04 Proceedings of the 17th IEEE workshop on Computer Security Foundations
Security policies for downgrading

Proceedings of the 11th ACM conference on Computer and communications security
Dimensions and Principles of Declassification

CSFW '05 Proceedings of the 18th IEEE workshop on Computer Security Foundations
Localized delimited release: combining the what and where dimensions of information release

Proceedings of the 2007 workshop on Programming languages and analysis for security
Gradual Release: Unifying Declassification, Encryption and Key Release Policies

SP '07 Proceedings of the 2007 IEEE Symposium on Security and Privacy
Controlling the what and where of declassification in language-based security

ESOP'07 Proceedings of the 16th European conference on Programming
Adjoining declassification and attack models by abstract interpretation

ESOP'05 Proceedings of the 14th European conference on Programming Languages and Systems
Language-based information-flow security

IEEE Journal on Selected Areas in Communications

Quantified Score

Hi-index	0.01

Visualization

Abstract

Information flow and in particular noninterference ensure that sensitive information does not affect public information. But noninterference is too restrictive: real computing systems sometimes need to dynamically release certain amount of sensitive information. In this paper, we propose a new security property that requires the decision to perform information release have high integrity, and permits low integrity data which comes from untrusted sources to dynamically affect information release by upgrading (or endorsing) its integrity. To control such integrity upgrading, we introduce an endorsement mechanism that takes the form of a local integrity endorsing policy declaration. So the programmer can express more precise ways of endorsing, by specifying the integrity levels from which information may be endorsed. In addition, we show a new type system to enforce the security property.