Security policy refinement and enforcement for the design of multi-level secure systems
Journal of Computer Security - Privacy, Security and Trust (PST) Technologies: Evolution and Challenges
Securing nonintrusive web encryption through information flow
Proceedings of the third ACM SIGPLAN workshop on Programming languages and analysis for security
Journal of Computer Security - 7th International Workshop on Issues in the Theory of Security (WITS'07)
Security-typed languages for implementation of cryptographic protocols: a case study
ESORICS'05 Proceedings of the 10th European conference on Research in Computer Security
ICISC'05 Proceedings of the 8th international conference on Information Security and Cryptology
Noninterference in a predicative polymorphic calculus for access control
Computer Languages, Systems and Structures
Hi-index | 0.00 |
This paper introduces the use of static information flow analysis for the specification and enforcement of end-to-end availability policies in programs. We generalize the decentralized label model, which is about confidentiality and integrity, to also include security policies for availability. These policies characterize acceptable risks by representing them as principals. We show that in this setting, a suitable extension of noninterference corresponds to a strong,end-to-end availability guarantee. This approach provides a natural way to specify availability policies and enables existing static dependency analysis techniques to be adapted for availability. The paper presents a simple language in which fine-grained information security policies can be specified as type annotations. These annotations can include requirements for all three major security properties: confidentiality, integrity, and availability. The type system for the language provably guarantees that any well-typed program has the desired noninterference properties, ensuring confidentiality, integrity, and availability.