Managing policy updates in security-typed languages

Proceedings of the Computer Security Foundations Workshop

Volumn 2006, Issue , 2006, Pages 202-214

  Swamy, Nikhil ^a   Hicks, Michael ^a   Tse, Stephen ^b   Zdancewic, Steve ^b  

^a UNIVERSITY OF MARYLAND   (United States)

^b UNIVERSITY OF PENNSYLVANIA   (United States)

Author keywords

[No Author keywords available]

Indexed keywords

SECURITY POLICIES; TRANSACTION;

COMPUTER PROGRAMMING LANGUAGES; DATA PRIVACY; INFORMATION MANAGEMENT; QUERY LANGUAGES; SEMANTICS; VERIFICATION;

SECURITY OF DATA;

EID: 33947711323     PISSN: 10636900     EISSN: None     Source Type: Conference Proceeding    
DOI: 10.1109/CSFW.2006.17     Document Type: Conference Paper

References (27)

1. A. Banerjee and D. A. Naumann. Using access control for secure information flow in a Java-like language. In CSFW, June 2003.
2. M. Y. Becker. Cassandra: flexible trust management and its application to electronic health records. Technical Report UCAM-CL-TR-648, University of Cambridge, Computer Laboratory, 2005.
3. N. Broberg and D. Sands. Flow Locks: Towards a Core Calculus for Dynamic Flow Policies. In ESOP, 2006.
4. H. Chen and S. Chong. Owned Policies for Information Security. In CSFW, 2004.
5. S. Chong and A. C. Myers. Security policies for downgrading. In CCS, 2004.
6. C. Ellison, B. Frantz, B. Lampson, R. Rivest, B. Thomas, and T. Ylonen. SPKI certificate theory. IETF RFC 2693, 1999.
7. J. Y. Halpern and K. R. O'Neill. Anonymity and information hiding in multiagent systems. J. Computer Security, 13(3):483-514, 2005.
8. T. Harris, S. Marlow, S.Peyton-Jones, and M. Herlihy. Composable memory transactions. In PPoPP, 2005.
9. M. Hicks, S. Tse, B. Hicks, and S. Zdancewic. Dynamic Updating of Information-Flow Policies. In PCS, 2005.
10. H. H. Hosmer. Metapolicies 1. SIGSAC Review, 10(2-3): 18-43, 1992.
11. N. Li and J. C. Mitchell. Understanding SPKI/SDSI using first-order logic. In CSFW, 2003.
12. N. Li, J. C. Mitchell, and W. H. Winsborough. Design of a Role-Based Trust-Management Framework. In IEEE Symposium on Security and Privacy, 2002.
13. A. Matos and G. Boudol. On declassification and the nondisclosure policy. In CSFW, 2005.
14. A. C. Myers, N. Nystrom, L. Zheng, and S. Zdancewic. Jif: Java + information flow. Software release. Located at http://www.cs.cornell.edu/jif, July 2001.
15. A. C. Myers, A. Sabelfeld, and S. Zdancewic. Enforcing Robust Declassification. In CSFW, 2004.
16. F. Pettier and V. Simonet. Information flow inference for ML. TOPLAS, 25(1), Jan. 2003.
17. Role based access control, http://csrc.nist.gov/rbac/, 2006.
18. M. F. Ringenburg and D. Grossman. AtomCaml: First-Class Atomicity via Rollback. In ICFP, 2005.
19. A. Sabelfeld and A. C. Myers. Language-based information-flow security. IEEE Journal on Selected Areas in Communications, 21(1):5-19, Jan. 2003.
20. N. Shavit and D. Touitou. Software transactional memory. In PODC, 1995.
21. N. Swamy, M. Hicks, S. Tse, and S. Zdancewic. Managing policy updates in security-typed languages. Technical Report CS-TR-4793, University of Maryland, 2006. www.cs.umd.edu/~nswamy/rx/tr.pdf.
22. S. Tse and S. Zdancewic. Run-time Principals in Information-flow Type Systems. In IEEE Symposium on Security and Privacy, 2004.
23. S. Tse and S. Zdancewic. Designing a security-typed language with certificate-based declassification. In ESOP, Lecture Notes in Computer Science, 2005.
24. D. Volpano, G. Smith, and C. Irvine. A sound type system for secure flow analysis. Journal of Computer Security, 4(3):167-187, 1996.
25. A. Welc, S. Jagannathan, and A. L. Hosking. Transactional monitors for concurrent objects. In ECOOP, 2004.
26. S. Zdancewic and A. C. Myers. Robust declassification. In Proc. of 14th IEEE Computer Security Foundations Workshop, pages 15-23, Cape Breton, Canada, June 2001.
27. L. Zheng and A. C. Myers. Dynamic Security Labels and Noninterference. In Formal Aspects in Security and Trust, 2004.