Secure information flow as a safety problem

被引:0
|
作者
Terauchi, T
Aiken, A
机构
[1] Univ Calif Berkeley, EECS Dept, Berkeley, CA 94720 USA
[2] Stanford Univ, Comp Sci Dept, Stanford, CA USA
来源
STATIC ANALYSIS, PROCEEDINGS | 2005年 / 3672卷
关键词
D O I
暂无
中图分类号
TP301 [理论、方法];
学科分类号
081202 ;
摘要
The termination insensitive secure information flow problem can be reduced to solving a safety problem via a simple program transformation. Barthe, D'Argenio, and Rezk coined the term "self-composition" to describe this reduction. This paper generalizes the self-compositional approach with a form of information downgrading recently proposed by Li and Zdancewic. We also identify a problem with applying the self-compositional approach in practice, and we present a solution to this problem that makes use of more traditional type-based approaches. The result is a framework that combines the best of both worlds, i.e., better than traditional type-based approaches and better than the self-compositional approach.
引用
收藏
页码:352 / 367
页数:16
相关论文
共 50 条
  • [41] Safety, Closure, and the Flow of Information
    Kipper, Jens
    ERKENNTNIS, 2016, 81 (05) : 1109 - 1126
  • [42] Semantics and program analysis of computationally secure information flow
    Laud, P
    PROGRAMMING LANGUAGES AND SYSTEMS, PROCEEDINGS, 2001, 2028 : 77 - 91
  • [43] Java']Java bytecode verification for secure information flow
    Avvenuti, M
    Bernardeschi, C
    De Francesco, N
    ACM SIGPLAN NOTICES, 2003, 38 (12) : 20 - 27
  • [44] Typing access control and secure information flow in sessions
    Capecchi, Sara
    Castellani, Ilaria
    Dezani-Ciancaglini, Mariangiola
    INFORMATION AND COMPUTATION, 2014, 238 : 68 - 105
  • [45] Formal verification of secure information flow in cloud computing
    Zeng, Wen
    Koutny, Maciej
    Watson, Paul
    Germanos, Vasileios
    JOURNAL OF INFORMATION SECURITY AND APPLICATIONS, 2016, 27-28 : 103 - 116
  • [46] SpecVerilog: Adapting Information Flow Control for Secure Speculation
    Zagieboylo, Drew
    Sherk, Charles
    Myers, Andrew C.
    Suh, G. Edward
    PROCEEDINGS OF THE 2023 ACM SIGSAC CONFERENCE ON COMPUTER AND COMMUNICATIONS SECURITY, CCS 2023, 2023, : 2068 - 2082
  • [47] Information flow analysis for fail-secure devices
    Rae, A. (arae@itee.uq.edu.au), 1600, Oxford University Press (48):
  • [48] A secure information flow architecture for web service platforms
    College of Computing, Georgia Institute of Technology, 350043 Georgia Tech Station, Atlanta, GA 30332, United States
    不详
    不详
    IEEE Trans. Serv. Comput., 2008, 2 (75-87):
  • [49] A Framework for Secure Information Flow Analysis in Web Applications
    Adaimy, Ralph
    El-Hajj, Wassim
    Ben Brahim, Ghassen
    Hajj, Hazem
    Safa, Haidar
    2015 IEEE 29th International Conference on Advanced Information Networking and Applications (IEEE AINA 2015), 2015, : 434 - 441
  • [50] Caisson: A Hardware Description Language for Secure Information Flow
    Li, Xun
    Tiwari, Mohit
    Oberg, Jason K.
    Kashyap, Vineeth
    Chong, Frederic T.
    Sherwood, Timothy
    Hardekopf, Ben
    PLDI 11: PROCEEDINGS OF THE 2011 ACM CONFERENCE ON PROGRAMMING LANGUAGE DESIGN AND IMPLEMENTATION, 2011, : 109 - 120
12345