Dependency-Based Information Flow Analysis with Declassification in a Program Logic

Authors

  • Bart van Delft
  • Richard Bubel
Abstract

We present a deductive approach for the analysis of secure information flows with support for fine-grained policies that include declassifications in the form of delimited information release. By explicitly tracking the dependencies of program locations as a computation history, we maintain high precision, while avoiding the need for comparing independent program runs. By considering an explicit heap model, we argue that the proposed analysis can straightforwardly be applied on object-oriented programs.


Related papers

An Epistemic Formulation of Information Flow Analysis

Most accounts of information flow security in programming languages emphasize non-interference to characterize security: in a secure program, changes to high-security inputs do not alter the values of low-security outputs. The definition of non-interference is incompatible with declassification, which allows some low-security outputs to be influenced by high-security inputs. We propose an alter...


Flow-Sensitive Automaton-Based Monitoring of a Declassification Policy

Declassification policies aim to guarantee trusted release of confidential information. The semantic security conditions of declassification policies focus on different dimensions. In order to prevent the special attacks aiming to compromise the mechanisms of declassification, it is important for a declassification policy to combine different dimensions. Moreover, current body of work on the en...


Designing a Security-typed Language with Certificate-based Declassification

This paper presents the design of a programming language that supports information-flow security policies and certificate-based declassification. The language uses monadic information-flow annotations in the style of Abadi et al.’s dependency core calculus, and has an effects system and fixpoints. The type system conflates security concepts such as labels, principals, and privileges with abstra...


A Separation Logic for Enforcing Declarative Information Flow Control Policies

In this paper, we present a program logic for proving that a program does not release information about sensitive data in an unintended way. The most important feature of the logic is that it provides a formal security guarantee while supporting “declassification policies” that describe precise conditions under which a piece of sensitive data can be released. We leverage the power of Hoare Logi...


Very Static Enforcement of Dynamic Policies

Security policies are naturally dynamic. Reflecting this, there has been a growing interest in studying information-flow properties which change during program execution, including concepts such as declassification, revocation, and role-change. A static verification of a dynamic information flow policy, from a semantic perspective, should only need to concern itself with two things: 1) the depe...


Journal:
  • CoRR

Volume abs/1509.04153  Issue

Pages  -

Publication date 2015