Noninterference with dynamic security domains and policies

Authors:
Robert Grabowski;Lennart Beringer
Affiliations:
Ludwig-Maximilians-Universität, München, Germany;Ludwig-Maximilians-Universität, München, Germany
Venue:
ASIAN'09 Proceedings of the 13th Asian conference on Advances in Computer Science: information Security and Privacy
Year:
2009

Citing 13
Cited 3

What's in a region?: or computing control dependence regions in near-linear time for reducible control flow

ACM Letters on Programming Languages and Systems (LOPLAS)
Proof-carrying code

Proceedings of the 24th ACM SIGPLAN-SIGACT symposium on Principles of programming languages
JFlow: practical mostly-static information flow control

Proceedings of the 26th ACM SIGPLAN-SIGACT symposium on Principles of programming languages
A sound type system for secure flow analysis

Journal of Computer Security
Certification of programs for secure information flow

Communications of the ACM
Non-interference for a JVM-like language

TLDI '05 Proceedings of the 2005 ACM SIGPLAN international workshop on Types in languages design and implementation
Stack-based access control and secure information flow

Journal of Functional Programming
Deriving an Information Flow Checker and Certifying Compiler for Java

SP '06 Proceedings of the 2006 IEEE Symposium on Security and Privacy
Dynamic security labels and static information flow control

International Journal of Information Security
Dynamic Dependency Monitoring to Secure Information Flow

CSF '07 Proceedings of the 20th IEEE Computer Security Foundations Symposium
A Trust Management Approach for Flexible Policy Management in Security-Typed Languages

CSF '08 Proceedings of the 2008 21st IEEE Computer Security Foundations Symposium
A certified lightweight non-interference java bytecode verifier

ESOP'07 Proceedings of the 16th European conference on Programming
Language-based information-flow security

IEEE Journal on Selected Areas in Communications

A more precise security type system for dynamic security tests

PLAS '10 Proceedings of the 5th ACM SIGPLAN Workshop on Programming Languages and Analysis for Security
Precise enforcement of progress-sensitive security

Proceedings of the 2012 ACM conference on Computer and communications security
Towards a practical secure concurrent language

Proceedings of the ACM international conference on Object oriented programming systems languages and applications

Quantified Score

Hi-index	0.00

Visualization

Abstract

Language-based information flow analysis is used to statically examine a program for information flows between objects of different security domains, and to verify these flows follow a given policy. When the program is distributed as mobile code, it may access resources whose domains depend on the client environment, or may face different security policies. In proof-carrying code scenarios, it is desirable to give a single proof that the program executes securely in any of these situations. This paper presents an object-oriented, Java-like language with runtime security types that can be inspected to ensure that flows between accessed objects are actually allowed before operations inducing these flows are performed. A type system is used to statically prove that the flow tests included in the program are sufficient, such that a noninterference property for the program is ensured regardless of the domains of objects and the effective security policy. Also, the paper outlines how the concepts of the type system are transferred to a bytecode language.