Formalizing appropriate information policies that authorize some controlled form of information release, and providing sound analyses for these policies is a necessary step towards practical applications of language-based security. We propose a modular method to enhance noninterference type systems to support controlled forms of information release that combine the what and where dimensions of declassification. As a case study, we derive from earlier work on non-interference type systems new type systems that soundly enforce declassification policies for sequential fragments of the Java Virtual Machine. Our work provides the first modular method to define sound type systems for declassification policies, and the first instance of a sound type system that supports declassification policies for unstructured languages.
Protecting sensitive information (credit card data, personal medical information, etc.) is becoming an increasingly important issue due to the ubiquity of computing systems. Traditionally, confidentiality of information is guaranteed by access control mechanisms, but there is a renewed interest in developing mechanisms that track how information flows during program execution. There are two established means to enforce information flow policies: static verification, and run-time or dynamic monitoring. Run-time monitoring is more flexible than static verification, since it permits running all programs and rejects only insecure executions; of course, the increased flexibility is offset by a degradation of run-time performance. This work presents two techniques for dynamic information flow monitoring. Unlike most run-time monitors, which rely on program rewriting techniques, these techniques use dynamic dependence graphs to track information flow at run-time. The proposed approaches scale to real languages and can cope with declassification annotations.