Certification of programs for secure information flow

Denning, Dorothy E.; Denning, Peter J.

doi:10.1145/359636.359712

Cited by 844 publications

(559 citation statements)

References 20 publications

(33 reference statements)

Supporting

Mentioning

554

Contrasting

Unclassified

Order By: Relevance

“…Intuitively, Figure 5. Flow-sensitive type system the judgment expresses that the security levels of variables are determined by Γ before executing command c, and Γ describes the security levels of variables after the execution of c. The security level pc represents a program counter level recording the level of the context in order to avoid illegal implicit flows [18]. The type system uses judgments of the form Γ e : t to determine that the security level of expression e is t. This judgment is simply defined as the join of security levels associated with variables that appear in the expression.…”

Section: Flow-sensitive Type Systemmentioning

confidence: 99%

“…For example, program public := secret exhibits an explicit flow from secret to public. Information is passed via controlflow structure in an implicit flow [18]. For example, program if secret then public := 1 has an implicit flow.…”

Section: Introductionmentioning

confidence: 99%

“…One alternative to prevent explicit and implicit flows is purely static Denning-style enforcement [18], [52], [42]. For example, each assignment is checked for the following property: the level of the assigned variable must be high in case there is a high variable on the right-hand side of the assignment (tracking explicit flows) or in case the assignment appears inside of a high conditional or loop (tracking implicit flows).…”

Section: Introductionmentioning

confidence: 99%

See 2 more Smart Citations

Dynamic vs. Static Flow-Sensitive Security Analysis

Russo

Sabelfeld

2010

2010 23rd IEEE Computer Security Foundations Symposium

154

216

View full text Add to dashboard Cite

Abstract-This paper seeks to answer fundamental questions about trade-offs between static and dynamic security analysis. It has been previously shown that flow-sensitive static information-flow analysis is a natural generalization of flowinsensitive static analysis, which allows accepting more secure programs. It has been also shown that sound purely dynamic information-flow enforcement is more permissive than static analysis in the flow-insensitive case. We argue that the step from flow-insensitive to flow-sensitive is fundamentally limited for purely dynamic information-flow controls. We prove impossibility of a sound purely dynamic information-flow monitor that accepts programs certified by a classical flow-sensitive static analysis. A side implication is impossibility of permissive dynamic instrumented security semantics for information flow, which guides us to uncover an unsound semantics from the literature. We present a general framework for hybrid mechanisms that is parameterized in the static part and in the reaction method of the enforcement (stop, suppress, or rewrite) and give security guarantees with respect to terminationinsensitive noninterference for a simple language with output.

show abstract

Section: Flow-sensitive Type Systemmentioning

confidence: 99%

Section: Introductionmentioning

confidence: 99%

Section: Introductionmentioning

confidence: 99%

See 1 more Smart Citation

Dynamic vs. Static Flow-Sensitive Security Analysis

Russo

Sabelfeld

2010

2010 23rd IEEE Computer Security Foundations Symposium

154

216

View full text Add to dashboard Cite

show abstract

“…In order to refine data protection and support data flow, IFC [9] was put forward. Subsequently, Myers extended it to distributed computing system and presented DIFC [10].…”

Section: Related Workmentioning

confidence: 99%

Protecting Cloud Data Using the Decentralized Information Flow Control with Authorization Condition

Ye¹,

Xu²,

Jiao³

et al. 2015

IJMLC

View full text Add to dashboard Cite

Abstract-In the extremely dynamic cloud computing system, traditional access control technologies provide no autonomic authorization and access control for the users on their data in remote cloud. Once data is migrated to the cloud, the user transfers the control to the providers of the cloud services and cloud hardware. So, whether the data is proper protected will be the users' most primary concerns and major challenges. This paper proposes a new decentralized information flow control model-DIFC-AC and its implementation. It expands the security label of DIFC with authorization condition used to express the control demands of the user, and access to the data is arbitrated based on their labels by intercepting IPC-relevant system calls. Thereby, the controls on the data are reached to the cloud, and sequentially the users' demands on the confidentiality, integrity and controllability of their data are meet.

show abstract

“…Experimental results are briefly presented in section 5. [D76] and [DD77] are the pioneering works which proposed a systematic method of analyzing information flow based on a lattice model of security classes. Subsequently, Denning's analysis method has been formalized and extended in a various way by Hoare-style axiomatization [BBM94], by abstract interpretation [O95], and by type theory [VS97,HR98,LR98].…”

Section: Introductionmentioning

confidence: 99%

An Efficient Information Flow Analysis of Recursive Programs Based on a Lattice Model of Security Classes

Kuninobu

Takata

Seki

et al. 2001

Information and Communications Security

View full text Add to dashboard Cite

Abstract. We present an efficient method for analyzing information flow of a recursive program. In our method, security levels of data can be formalized as an arbitrary finite lattice. We prove the correctness of the proposed algorithm and also show that the algorithm can be executed in cubic time in the size of a program. Furthermore, the algorithm is extended so that operations which hide information of their arguments can be appropriately modeled by using a congruence relation. Experimental results by using a protypic system are also presented.

show abstract

Certification of programs for secure information flow

Cited by 844 publications

References 20 publications

Dynamic vs. Static Flow-Sensitive Security Analysis

Dynamic vs. Static Flow-Sensitive Security Analysis

Protecting Cloud Data Using the Decentralized Information Flow Control with Authorization Condition

An Efficient Information Flow Analysis of Recursive Programs Based on a Lattice Model of Security Classes

Contact Info

Product

Resources

About