Enforcing robust declassification and qualified robustness

Journal of Computer Security

Volumn 14, Issue 2, 2006, Pages 157-196

  Myers, Andrew C ^a   Sabelfeld, Andrei ^b   Zdancewic, Steve ^c  

^a Department of Molecular Biology and Genetics   (United States)

^b CHALMERS UNIVERSITY OF TECHNOLOGY   (Sweden)

^c UNIVERSITY OF PENNSYLVANIA   (United States)

Author keywords

Computer security; Confidentiality; Declassification; Endorsement; Information flow; Integrity; Noninterference; Security policies; Security type systems

Indexed keywords

COMPUTER PROGRAMMING; CONTROL SYSTEMS; INFORMATION RETRIEVAL; PROGRAM COMPILERS; PUBLIC POLICY; SECURITY OF DATA;

CONFIDENTIALITY; DECLASSIFICATION; ENDORSEMENT; INFORMATION FLOW; INTEGRITY; NONINTERFERENCE; SECURITY POLICIES; SECURITY-TYPE SYSTEMS;

ROBUSTNESS (CONTROL SYSTEMS);

EID: 33646177208     PISSN: 0926227X     EISSN: None     Source Type: Journal    
DOI: 10.3233/JCS-2006-14203     Document Type: Article

References (54)

1. M. Abadi, A. Banerjee, N. Heintze and J. Riecke, A core calculus of dependency, in: Proc. ACM Symp. on Principles of Programming Languages, 1999, pp. 147-160.
2. J. Agat, Transforming out timing leaks, in: Proc. ACM Symp. on Principles of Programming Languages, 2000, pp. 40-53.
3. A. Banerjee and D.A. Naumann, Secure information flow and pointer confinement in a Java-like language, in: Proc. IEEE Computer Security Foundations Workshop, 2002, pp. 253-267.
4. W.R. Bevier, R.M. Cohen and W.D. Young, Connection policies and controlled interference, in: Proc. IEEE Computer Security Foundations Workshop, 1995, pp. 167-176.
5. K.J. Biba, Integrity considerations for secure computer systems. Technical Report ESD-TR-76-372, USAF Electronic Systems Division, Bedford, MA, Apr. 1977. (Also available through National Technical Information Service, Springfield Va., NTIS AD-A039324.)
6. A. Bossi, C. Piazza and S. Rossi, Modelling downgrading in information flow security, in: Proc. IEEE Computer Security Foundations Workshop, 2004, pp. 187-201.
7. S. Chong and A.C. Myers, Language-based information erasure, in: Proc. IEEE Computer Security Foundations Workshop, 2005, pp. 241-254.
8. T. Chothia, D. Duggan and J. Vitek, Type-based distributed access control, in: Proc. IEEE Computer Security Foundations Workshop, 2003, pp. 170-186.
9. D. Clark, S. Hunt and P. Malacaria, Quantitative analysis of the leakage of confidential data, in: Proc. Quantitative Aspects of Programming Languages, Volume 59 of ENTCS, Elsevier, 2002.
10. M.R. Clarkson, A.C. Myers and F.B. Schneider, Belief in information flow, in: Proc. IEEE Computer Security Foundations Workshop, 2005.
11. E.S. Cohen, Information transmission in sequential programs, in: Foundations of Secure Computation, R.A. DeMillo, D.P. Dobkin, A.K. Jones and R.J. Lipton, eds, Academic Press, 1978, pp. 297-335.
12. M. Dam and P. Giambiagi, Confidentiality for mobile code: The case of a simple payment protocol, in: Proc. IEEE Computer Security Foundations Workshop, 2000, pp. 233-244.
13. D.E. Denning, A lattice model of secure information flow, Comm. of the ACM 19(5) (1976), 236-243.
14. D. E. Denning, Cryptography and Data Security, Addison-Wesley, Reading, MA, 1982.
15. D.E. Denning and P.J. Denning, Certification of programs for secure information flow, Comm. of the ACM 20(7) (1977), 504-513.
16. A. Di Pierro, C. Hankin and H. Wiklicky, Approximate non-interference, in: Proc. IEEE Computer Security Foundations Workshop, 2002, pp. 1-17.
17. E. Ferrari, P. Samarati, E. Bertino and S. Jajodia, Providing flexibility in information flow control for object-oriented systems, in: Proc. lEEE Symp. on Security and Privacy, 1997, pp. 130-140.
18. P. Giambiagi and M. Dam, On the secure implementation of security protocols, in: Proc. European Symp. on Programming, Volume 2618 of LNCS, Springer, 2003, pp. 144-158.
19. J.A. Goguen and J. Meseguer, Security policies and security models, in: Proc. IEEE Symp. on Security and Privacy, 1982, pp. 11-20.
20. N. Heintze and J.G. Riecke, The SLam calculus: programming with secrecy and integrity, in: Proc. ACM Symp. on Principles of Programming Languages, 1998, pp. 365-377.
21. R. Joshi and K.R.M. Leino, A semantic approach to secure information flow, Science of Computer Programming 37(1-3) (2000), 113-138.
22. P. Laud, Semantics and program analysis of computationally secure information flow, in: Proc. European Symp. on Programming, Volume 2028 of LNCS, Springer, 2001, pp. 77-91.
23. P. Laud, Handling encryption in an analysis for secure information flow, in: Proc. European Symp. on Programming, Volume 2618 of LNCS, Springer, 2003, pp. 159-173.
24. P. Li, Y. Mao and S. Zdancewic, Information integrity policies, in: Proceedings of the Workshop on Formal Aspects in Security & Trust (FAST), 2003.
25. P. Li and S. Zdancewic, Downgrading policies and relaxed noninterference, in: Proc. ACM Symp. on Principles of Programming Languages, 2005.
26. P. Li and S. Zdancewic, Unifying confidentiality and integrity in downgrading policies, in: Proc. of the LICS'05 Affiliated Workshop on Foundations of Computer Security (FCS), 2005.
27. G. Lowe, Quantifying information flow, in: Proc. IEEE Computer Security Foundations Workshop, 2002, pp. 18-31.
28. H. Mantel, Information flow control and applications - Bridging a gap, in: Proc. Formal Methods Europe, Volume 2021 of LNCS, Springer, 2001, pp. 153-172.
29. H. Mantel and D. Sands, Controlled downgrading based on intransitive (non)interference, in: Proceedings of the 2nd Asian Symposium on Programming Languages and Systems, Volume 3302 of LNCS, Springer, 2004, pp. 129-145.
30. J.K. Millen, Covert channel capacity, in: Proc. IEEE Symp. on Security and Privacy, Oakland, CA, 1987.
31. A.C. Myers and B. Liskov, A decentralized model for information flow control, in: Proc. ACM Symp. on Operating System Principles, 1997, pp. 129-142.
32. A.C. Myers and B. Liskov, Protecting privacy using the decentralized label model, ACM Transactions on Software Engineering and Methodology 9(4) (2000), 410-442.
33. A.C. Myers, L. Zheng, S. Zdancewic, S. Chong and N. Nystrom, Jif: Java information flow, Software release, Located at http://www.cs.cornell.edu/jif, July 2001-2003.
34. S. Pinsky, Absorbing covers and intransitive non-interference, in: Proc. IEEE Symp. on Security and Privacy, 1995, pp. 102-113.
35. F. Pottier and S. Conchon, Information flow inference for free, in: Proc. ACM International Conference on Functional Programming, 2000, pp. 46-57.
36. F. Pottier and V. Simonet, Information flow inference for ML, in: Proc. ACM Symp. on Principles of Programming Languages, 2002, pp. 319-330.
37. A.W. Roscoe and M.H. Goldsmith, What is intransitive noninterference? in: Proc. IEEE Computer Security Foundations Workshop, 1999, pp. 228-238.
38. J.M. Rushb, Noninterference, transitivity and channel-control security policies, Technical Report CSL-92-02, SRI International, 1992.
39. A. Sabelfeld and A.C. Myers, Language-based information-flow security, IEEE J. Selected Areas in Communications 21(1) (2003), 5-19.
40. A. Sabelfeld and A.C. Myers, A model for delimited information release, in: Proc. International Symp. on Software Security (ISSS'03), Volume 3233 of LNCS, Springer, 2004, pp. 174-191.
41. A. Sabelfeld and D. Sands, Probabilistic noninterference for multi-threaded programs, in: Proc. IEEE Computer Security Foundations Workshop, 2000, pp. 200-214.
42. A. Sabelfeld and D. Sands, A per model of secure information flow in sequential programs, Higher Order and Symbolic Computation 14(1) (2001), 59-91.
43. A. Sabelfeld and D. Sands, Dimensions and principles of declassification, in: Proc. IEEE Computer Security Foundations Workshop, 2005, pp. 255-269.
44. G. Smith and D. Volpano, Secure information flow in a multi-threaded imperative language, in: Proc. ACM Symp. on Principles of Programming Languages, 1998, pp. 355-364.
45. D. Volpano, Secure introduction of one-way functions, in: Proc. IEEE Computer Security Foundations Workshop, 2000, pp. 246-254.
46. D. Volpano and G. Smith, Probabilistic noninterference in a concurrent language, J. Computer Security 7(2-3) (1999), 231-253.
47. D. Volpano and G. Smith, Verifying secrets and relative secrecy, in: Proc. ACM Symp. on Principles of Programming Languages. 2000, pp. 268-276.
48. D. Volpano, G. Smith and C. Irvine, A sound type system for secure flow analysis, J. Computer Security 4(3) (1996), 167-187.
49. G. Winskel, The Formal Semantics of Programming Languages: An Introduction, MIT Press, Cambridge, MA, 1993.
50. S. Zdancewic, A type system for robust declassification, in: Proc. Mathematical Foundations of Programming Semantics, ENTCS, Elsevier, Mar. 2003.
51. S. Zdancewic and A.C. Myers, Robust declassification, in: Proc. IEEE Computer Security Foundations Workshop, 2001, pp. 15-23.
52. S. Zdancewic and A.C. Myers, Secure information flow and CPS, in: Proc. European Symp. on Programming, Volume 2028 of LNCS, Springer, 2001, pp. 46-61.
53. S. Zdancewic, L. Zheng, N. Nystrom and A.C. Myers, Secure program partitioning, ACM Trans. Comput. Syst. 20(3) (2002), 283-328.
54. L. Zheng, S. Chong, A.C. Myers and S. Zdancewic, Using replication and partitioning to build secure distributed systems, in: Proc. IEEE Symp. on Security and Privacy, 2003, pp. 236-250.