Specification of information flow policies is classically based on a security labeling and a lattice of security levels that establishes how information may flow between levels. We present a type and effect system for determining the least permissive relaxation of a given confidentiality policy under which a program can be typed, given a fixed security labeling. To this end, sets of illegal information flows are represented as downward closure operators (here referred to as flow kernels) on a given lattice of security levels. Illegal information flows can then be seen as program effects, and their representation as flow kernels subsumes in granularity previous lattice-oriented representations of information flow policies. Effect soundness, optimality and preservation results are presented for the proposed type and effect system, for programs written in a concurrent higher-order imperative lambda-calculus with reference creation. Our type and effect system provides a mechanism for deriving the flow kernel that characterizes the illegal flows occurring within a program, which can be used to support runtime decisions about compliance with other policies. This point is illustrated by means of an application to a setting where local programs run under the control of a dynamic allowed flow policy.