Security-typed languages promise to be a powerful tool with which provably secure software applications may be developed. Programs written in these languages enforce a strong, global policy of noninterference, which ensures that high-security data will not be observable on low-security channels. Because noninterference is typically too strong a property, most programs use some form of declassification to selectively leak high-security information, e.g. when performing a password check or data encryption. Unfortunately, such a declassification is often expressed as an operation within a given program, rather than as part of a global policy, making reasoning about the security implications of a policy more difficult. In this paper, we propose a simple idea we call trusted declassification, in which special declassifier functions are specified as part of the global policy. In particular, individual principals declaratively specify which declassifiers they trust, so that all information flows implied by the policy can be reasoned about in the absence of a particular program. We formalize our approach for a Java-like language and prove a modified form of noninterference which we call noninterference modulo trusted methods. We have implemented our approach as an extension to Jif and report on our experience using it to build a secure e-mail client.