A decentralized model for information flow control
Proceedings of the sixteenth ACM symposium on Operating systems principles
Exception-based information flow control in object-oriented systems
ACM Transactions on Information and System Security (TISSEC)
JFlow: practical mostly-static information flow control
Proceedings of the 26th ACM SIGPLAN-SIGACT symposium on Principles of programming languages
DEXA '03 Proceedings of the 14th International Workshop on Database and Expert Systems Applications
Dimensions and Principles of Declassification
CSFW '05 Proceedings of the 18th IEEE workshop on Computer Security Foundations
PeerAccess: a logic for distributed authorization
Proceedings of the 12th ACM conference on Computer and communications security
SWS '04 Proceedings of the 2004 workshop on Secure web service
Financial Privacy Policies and the Need for Standardization
IEEE Security and Privacy
Platform for enterprise privacy practices: privacy-enabled management of customer data
PET'02 Proceedings of the 2nd international conference on Privacy enhancing technologies
Language-based information-flow security
IEEE Journal on Selected Areas in Communications
Enforcing "sticky" security policies throughout a distributed application
Proceedings of the 2008 workshop on Middleware security
Supporting Evidence-Based Compliance Evaluation for Partial Business Process Outsourcing Scenarios
RELAW '08 Proceedings of the 2008 Requirements Engineering and Law
Foundations for group-centric secure information sharing models
Proceedings of the 14th ACM symposium on Access control models and technologies
Group-Centric Secure Information-Sharing Models for Isolated Groups
ACM Transactions on Information and System Security (TISSEC)
Hi-index | 0.00 |
Over the years, many aspects of the transfer of information from one party to another have commanded the attention of the security and privacy community. Released information can have various levels of sensitivity: facts that are pub-lic, sensitive private information that requires its original owner's permission for its future dissemination, or even in-formation that requires control over the release of the con-clusions reached using that information. Some situations also call for declassification of information, which requires a two-pronged approach: the original owner retains control over the dissemination of sensitive information and sensitive conclusions reached using that information, but when the in-formation is used to reach conclusions that are sufficiently non-sensitive, the original owner's control can be removed for the dissemination of those conclusions. In this paper, we define such a logic to specify information dissemination con-trol policies and reason about release and declassification, and give case studies of the use of our language to control the release of aggregated open source software, multimedia content and medical information.