Dimensions and principles of declassification

Proceedings of the Computer Security Foundations Workshop

Volumn , Issue , 2005, Pages 255-269

  Sabelfeld, Andrei ^a   Sands, David ^a  

^a CHALMERS UNIVERSITY OF TECHNOLOGY   (Sweden)

Author keywords

[No Author keywords available]

Indexed keywords

COMPUTER CRIME; DATA PRIVACY; INFORMATION SCIENCE; PROBLEM SOLVING; SECURITY SYSTEMS; SEMANTICS;

COMPUTING SYSTEMS; DECLASSIFICATION; SECRET INFORMATION; SECURITY COMMUNITY;

SECURITY OF DATA;

EID: 28144453799     PISSN: 10636900     EISSN: None     Source Type: Conference Proceeding    
DOI: None     Document Type: Conference Paper

References (64)

1. [AB05] A. Almeida Matos and G. Boudol. On declassification and the non-disclosure policy. In Proc. IEEE Computer Security Foundations Workshop, June 2005.
2. [Aba98] M. Abadi. Protection in programming-language translations. In Proc. International Colloquium on Automata, Languages and Programming, volume 1443 of LNCS, pages 868-883. Springer-Verlag, July 1998.
3. [ABHR99] M. Abadi, A. Banerjee, N. Heintze, and J. Riecke. A core calculus of dependency. In Proc. ACM Symp. on Principles of Programming Languages, pages 147-160, January 1999.
4. [BN05] A. Banerjee and D. A. Naumann. Stack-based access control and secure information flow. Journal of Functional Programming, 15(2): 131-177, March 2005.
5. [BP03] M. Backes and B. Pfitzmann. Intransitive noninterference for cryptographic purposes. In Proc. IEEE Symp. on Security and Privacy, pages 140-153, May 2003.
6. [BPR04] A. Bossi, C. Piazza, and S. Rossi. Modelling downgrading in information flow security. In Proc. IEEE Computer Security Foundations Workshop, pages 187-201, June 2004.
7. [CHM02] D. Clark, S. Hunt, and P. Malacaria. Quantitative analysis of the leakage of confidential data. In QAPL'01, Proc. Quantitative Aspects of Programming Languages, volume 59 of ENTCS. Elsevier, 2002.
8. [CHM04] D. Clark, S. Hunt, and P. Malacaria. Non-interference for weak observers. In Proc. Programming Language Interference and Dependence (PLID), August 2004.
9. [CM04] S. Chong and A. C. Myers. Security policies for downgrading. In ACM Conference on Computer and Communications Security, pages 198-209, October 2004.
10. [CMOS] S. Chong and A. C. Myers. Language-based information erasure. In Proc. IEEE Computer Security Foundations Workshop, June 2005.
11. [CMS05] M. R. Clarkson, A. C. Myers, and F. B. Schneider. Belief in information flow. In Proc. IEEE Computer Security Foundations Workshop, June 2005.
12. [Coh77] E. S. Cohen. Information transmission in computational systems. ACM SIGOPS Operating Systems Review, 11 (5): 133-139, 1977.
13. [Coh78] E. S. Cohen. Information transmission in sequential programs. In R. A. DeMillo, D. P. Dobkin, A. K. Jones, and R. J. Lipton, editors, Foundations of Secure Computation, pages 297-335. Academic Press, 1978.
14. [DG00] M. Dam and P. Giambiagi. Confidentiality for mobile code: The case of a simple payment protocol. In Proc. IEEE Computer Security Foundations Workshop, pages 233-244, July 2000.
15. [DG03] M. Dam and P. Giambiagi. Information flow control for cryptographic applets. Presentation at the Dagstuhl Seminar on Language-Based Security, October 2003. www.dagstuhl.de/03411/Materials/.
16. [DHW02] A. Di Pierro, C. Hankin, and H. Wiklicky. Approximate non-interference. In Proc. IEEE Computer Security Foundations Workshop, pages 1-17, June 2002.
17. [EP05] R. Echahed and F. Prost. Handling declared information leakage. In Proc. Workshop on Issues in the Theory of Security, January 2005.
18. [FG95] R. Focardi and R. Gorrieri. A classification of security properties for process algebras. J. Computer Security, 3(1):5-33, 1995.
19. [FRS05] R. Focardi, S. Rossi, and A. Sabelfeld. Bridging language-based and process calculi security. In Proc. Foundations of Software Science and Computation Structure, volume 3441 of LNCS, pages 299-315. Springer-Verlag, April 2005.
20. [FSBJ97] E. Ferrari, P. Samarati, E. Bertino, and S. Jajodia. Providing flexibility in information flow control for object-oriented systems. In Proc. IEEE Symp. on Security and Privacy, pages 130-140, May 1997.
21. [GD03] P. Giambiagi and M. Dam. On the secure implementation of security protocols. In Proc. European Symp. on Programming, volume 2618 of LNCS, pages 144-158. Springer-Verlag, April 2003.
22. [GM82] J. A. Goguen and J. Meseguer. Security policies and security models. In Proc. IEEE Symp. on Security and Privacy, pages 11-20, April 1982.
23. [GM84] J. A. Goguen and J. Meseguer. Unwinding and inference control. In Proc. IEEE Symp. on Security and Privacy, pages 75-86, April 1984.
24. [GM04] R. Giacobazzi and I. Mastroeni. Abstract noninterference: Parameterizing non-interference by abstract interpretation. In Proc. ACM Symp. on Principles of Programming Languages, pages 186-197, January 2004.
25. [GM05] R. Giacobazzi and I. Mastroeni. Adjoining declassification and attack models by abstract interpretation. In Proc. European Symp. on Programming, volume 3444 of LNCS, pages 295-310. Springer-Verlag, April 2005.
26. [Hun91] L. S. Hunt. Abstract Interpretation of Functional Languages: From Theory to Practice. PhD thesis, Department of Computing, Imperial College of Science, Technology and Medicine, 1991.
27. [JL00] R. Joshi and K. R. M. Leino. A semantic approach to secure information flow. Science of Computer Programming, 37(1-3): 113-138, 2000.
28. [Lau01] P. Laud. Semantics and program analysis of computationally secure information flow. In Proc. European Symp. on Programming, volume 2028 of LNCS, pages 77-91. Springer-Verlag, April 2001.
29. [Lau03] P. Laud. Handling encryption in an analysis for secure information flow. In Proc. European Symp. on Programming, volume 2618 of LNCS, pages 159-173. Springer-Verlag, April 2003.
30. [LMMS98] P. Lincoln, J. C. Mitchell, M. Mitchell, and A. Sccdrov. A probabilistic poly-time framework for protocol analysis. In ACM Conference on Computer and Communications Security, pages 112-121, November 1998.
31. [Low02] G. Lowe. Quantifying information flow. In Proc. IEEE Computer Security Foundations Workshop, pages 18-31, June 2002.
32. [LR93] J. Landauer and T. Redmond. A lattice of information. In Proc. IEEE Computer Security Foundations Workshop, pages 65-70, June 1993.
33. [LZ05] P. Li and S. Zdancewic. Downgrading policies and relaxed noninterference. In Proc. ACM Symp. on Principles of Programming Languages, pages 158-170, January 2005.
34. [Man00] H. Mantel. Possibilistic definitions of security - An assembly kit -. In Proc. IEEE Computer Security Foundations Workshop, pages 185-199, July 2000.
35. [Man01] H. Mantel. Information flow control and applications - Bridging a gap. In Proc. Formal Methods Europe, volume 2021 of LNCS, pages 153-172. Springer-Verlag, March 2001.
36. [Mit93] J. C. Mitchell. On abstraction and the expressive power of programming languages. Science of Computer Programming, 212:141-163, 1993.
37. [Mit01] J. C. Mitchell. Probabilistic polynomial-time process calculus and security protocol analysis. In Proc. European Symp. on Programming, volume 2028 of LNCS, pages 23-29. Springer-Verlag, April 2001.
38. [ML00] A. C. Myers and B. Liskov. Protecting privacy using the decentralized label model. ACM Transactions on Software Engineering and Methodology, 9(4):410-442, 2000.
39. [MS03] H. Mantel and A. Sabelfeld. A unifying approach to the security of distributed and multi-threaded programs. J. Computer Security, 11(4):615-676, September 2003.
40. [MS04] H. Mantel and D. Sands. Controlled downgrading based on intransitive (non)interference. In Proc. Asian Symp. on Programming Languages and Systems, volume 3302 of LNCS, pages 129-145. Springer-Verlag, November 2004.
41. [MSZ04a] A. C. Myers, A. Sabelfeld, and S. Zdancewic. Enforcing robust declassification. In Proc. IEEE Computer Security Foundations Workshop, pages 172-186, June 2004.
42. [MSZ04b] A. C. Myers, A. Sabelfeld, and S. Zdancewic. Enforcing robust declassification. Submitted to J. Computer Security, November 2004.
43. [Mul00] J. Mullins. Non-deterministic admissible interference. J. of Universal Computer Science, 6(11):1054-1070, 2000.
44. [Mye99] A. C. Myers. JFlow: Practical mostly-static information flow control. In Proc. ACM Symp. on Principles of Programming Languages, pages 228-241, January 1999.
45. +04] A. C. Myers, L. Zheng, S. Zdancewic, S. Chong, and N. Nystrom. Jif: Java information flow. Software release. Located at http://www.cs.cornell.edu/jif, July 2001-2004.
46. [PC00] F. Pottier and S. Conchon. Information flow inference for free. In Proc. ACM International Conference on Functional Programming, pages 46-57, September 2000.
47. [Pin95] S. Pinsky. Absorbing covers and intransitive noninterference. In Proc. IEEE Symp. on Security and Privacy, pages 102-113, May 1995.
48. [Plo77] G. D. Plotkin. LCF considered as a programming language. Theoretical Computer Science, 5(1):223-255, December 1977.
49. [Pro01] F. Prost. On the semantics of non-interference typebased analyses. In JFLA '001, Journées Francophones des Langages Applicatifs, January 2001.
50. [RG99] A. W. Roscoe and M. H. Goldsmith. What is intransitive noninterference? In Proc. IEEE Computer Security Foundations Workshop, pages 228-238, June 1999.
51. [RS99] P. Ryan and S. Schneider. Process algebra and noninterference. In Proc. IEEE Computer Security Foundations Workshop, pages 214-227, June 1999.
52. [Rus92] J. M. Rushby. Noninterference, transitivity, and channel-control security policies. Technical Report CSL-92-02, SRI International, 1992.
53. [Rya01] P. Ryan. Mathematical models of computer security - tutorial lectures. In R. Focardi and R. Gorrieri, editors, Foundations of Security Analysis and Design, volume 2171 of LNCS, pages 1-62. Springer-Verlag, 2001.
54. [SGM02] D. Sands, J. Gustavsson, and A. Moran. Lambda calculi and linear speedups. In The essence of computation: complexity, analysis, transformation, volume 2566 of LNCS, pages 60-82. Springer-Verlag, 2002.
55. [SM03] A. Sabelfeld and A. C. Myers. Language-based information-flow security. IEEE J. Selected Areas in Communications, 21(1):5-19, January 2003.
56. [SM04] A. Sabelfeld and A. C. Myers. A model for delimited information release. In Proc. International Symp. on Software Security (ISSS'03), volume 3233 of LNCS, pages 174-191. Springer-Verlag, October 2004.
57. [SS00] A. Sabelfeld and D. Sands. Probabilistic noninterference for multi-threaded programs. In Proc. IEEE Computer Security Foundations Workshop, pages 200-214, July 2000.
58. [SS01] A. Sabelfeld and D. Sands. A per model of secure information flow in sequential programs. Higher Order and Symbolic Computation, 14(1):59-91, March 2001.
59. [TZ05] S. Tse and S. Zdancewic. Designing a security-typed language with certificate-based declassification. In Proc. European Symp. on Programming, volume 3444 of LNCS, pages 279-294. Springer-Verlag, April 2005.
60. [Vol00] D. Volpano. Secure introduction of one-way functions. In Proc. IEEE Computer Security Foundations Workshop, pages 246-254, July 2000.
61. [VS00] D. Volpano and G. Smith. Verifying secrets and relative secrecy. In Proc. ACM Symp. on Principles of Programming Languages, pages 268-276, January 2000.
62. [VSI96] D. Volpano, G. Smith, and C. Irvine. A sound type system for secure flow analysis. J. Computer Security, 4(3): 167-187, 1996.
63. [Zda04] S. Zdancewic. Challenges for information-flow security. In Proc. Programming Language Interference and Dependence (PLID), August 2004.
64. [ZM01] S. Zdancewic and A. C. Myers. Robust declassification. In Proc. IEEE Computer Security Foundations Workshop, pages 15-23, June 2001.