Constructive logics: Part I: a tutorial on proof systems and typed &lgr;-calculi
Theoretical Computer Science
A decentralized model for information flow control
Proceedings of the sixteenth ACM symposium on Operating systems principles
Generalized certificate revocation
Proceedings of the 27th ACM SIGPLAN-SIGACT symposium on Principles of programming languages
A lattice model of secure information flow
Communications of the ACM
A note on the confinement problem
Communications of the ACM
Protecting privacy using the decentralized label model
ACM Transactions on Software Engineering and Methodology (TOSEM)
The KeyKOS Nanokernel Architecture
Proceedings of the Workshop on Micro-kernels and Other Kernel Architectures
CSFW '01 Proceedings of the 14th IEEE workshop on Computer Security Foundations
Dimensions and Principles of Declassification
CSFW '05 Proceedings of the 18th IEEE workshop on Computer Security Foundations
Labels and event processes in the asbestos operating system
Proceedings of the twentieth ACM symposium on Operating systems principles
A method for fast revocation of public key certificates and security capabilities
SSYM'01 Proceedings of the 10th conference on USENIX Security Symposium - Volume 10
Robust composition: towards a unified approach to access control and concurrency control
Robust composition: towards a unified approach to access control and concurrency control
Information flow control for standard OS abstractions
Proceedings of twenty-first ACM SIGOPS symposium on Operating systems principles
Making information flow explicit in HiStar
OSDI '06 Proceedings of the 7th symposium on Operating systems design and implementation
Securing distributed systems with information flow control
NSDI'08 Proceedings of the 5th USENIX Symposium on Networked Systems Design and Implementation
Paralocks: role-based information flow control and beyond
Proceedings of the 37th annual ACM SIGPLAN-SIGACT symposium on Principles of programming languages
Arrows for secure information flow
Theoretical Computer Science
Noninterference through Secure Multi-execution
SP '10 Proceedings of the 2010 IEEE Symposium on Security and Privacy
Timing- and Termination-Sensitive Secure Information Flow: Exploring a New Approach
SP '11 Proceedings of the 2011 IEEE Symposium on Security and Privacy
Flexible dynamic information flow control in Haskell
Proceedings of the 4th ACM symposium on Haskell
Secure multi-execution in haskell
PSI'11 Proceedings of the 8th international conference on Perspectives of System Informatics
Hails: protecting data privacy in untrusted web applications
OSDI'12 Proceedings of the 10th USENIX conference on Operating Systems Design and Implementation
Toward principled browser security
HotOS'13 Proceedings of the 14th USENIX conference on Hot Topics in Operating Systems
Preventing accidental data disclosure in modern operating systems
Proceedings of the 2013 ACM SIGSAC conference on Computer & communications security
| Hi-index | 0.00 |
We present disjunction category (DC) labels, a new label format for enforcing information flow in the presence of mutually distrusting parties. DC labels can be ordered to form a lattice, based on propositional logic implication and conjunctive normal form. We introduce and prove soundness of decentralized privileges that are used in declassifying data, in addition to providing a notion of privilege-hierarchy. Our model is simpler than previous decentralized information flow control (DIFC) systems and does not rely on a centralized principal hierarchy. Additionally, DC labels can be used to enforce information flow both statically and dynamically. To demonstrate their use, we describe two Haskell implementations, a library used to perform dynamic label checks, compatible with existing DIFC systems, and a prototype library that enforces information flow statically, by leveraging the Haskell type checker.