A permission-dependent type system for secure information flow analysis
نویسندگان
چکیده
We introduce a novel type system for enforcing secure information flow in an imperative language. Our work is motivated by the problem of statically checking potential leakage Android applications. To this end, we design lightweight featuring permission model, where permissions are assigned to applications and used enforce access control take inspiration from Banerjee Naumann allow security types be dependent on A feature our typing rule conditional branching induced testing, which introduces merging operator types, allowing more precise policies enforced. The soundness proved with respect non-interference. inference algorithm also presented underlying system, reducing constraint solving lattice types. In addition, new way represent as reduced ordered binary decision diagrams proposed.
منابع مشابه
A Permission-Dependent Type System for Secure Information Flow Analysis
We introduce a novel type system for enforcing secure information flow in an imperative language. Our work is motivated by the problem of statically checking potential information leakage in Android applications. To this end, we design a lightweight type system featuring Android permission model, where the permissions are statically assigned to applications and are used to enforce access contro...
متن کاملA Type System for Computationally Secure Information Flow
The paper presents a novel type system for checking the security of information flow in programs containing operations of symmetric encryption. The type system is correct with respect to the complexity-theoretic security definitions of the encryption primitive. Topics: semantics, cryptography.
متن کاملA New Type System for Secure Information Flow
With the variables of a program classified as (low, public) or (high, private), we wish to prevent the program from leaking information about variables into variables. Given a multi-threaded imperative language with probabilistic scheduling, the goal can be formalized as a property called probabilistic noninterference. Previous work identified a type system sufficient to guarantee probabilistic...
متن کاملA Sound Type System for Secure Flow Analysis
Ensuring secure information ow within programs in the context of multiple sensitivity levels has been widely studied. Especially noteworthy is Denning's work in secure ow analysis and the lattice model [6][7]. Until now, however, the soundness of Denning's analysis has not been established satisfactorily. We formulate Denning's approach as a type system and present a notion of soundness for the...
متن کاملA Sound Type System for Secure Flow Analysis 32
Ensuring secure information ow within programs in the context of multiple sensitivity levels has been widely studied. Especially noteworthy is Denning's work in secure ow analysis and the lattice model 6]]7]. Until now, however, the soundness of Denning's analysis has not been established satisfactorily. We formulate Denning's approach as a type system and present a notion of soundness for the ...
متن کاملذخیره در منابع من
با ذخیره ی این منبع در منابع من، دسترسی به آن را برای استفاده های بعدی آسان تر کنید
ژورنال
عنوان ژورنال: Journal of Computer Security
سال: 2021
ISSN: ['0926-227X', '1875-8924']
DOI: https://doi.org/10.3233/jcs-200036