Name
Abstract | ||
|---|---|---|
A number of systems have been developed for dynamic information flow control (IFC). In such systems, the security policy is expressed by labeling input and output channels, it is enforced by tracking and checking labels on data. Systems have been proven to enforce some form of noninterference (NI), formalized as a property of two runs of the program. In practice, NI is too strong and it is desirable to enforce some relaxation of NI that allows downgrading under constraints that have been classified as 'what', 'where', 'who', or 'when' policies. To encompass a broad range of policies, relational logic has been proposed as a means to specify and statically enforce policy. This paper shows how relational logic policies can be dynamically checked. To do so, we provide a new account of monitoring, in which the monitor state is viewed as an abstract interpretation of sets of pairs of program runs. |
Year | DOI | Venue |
|---|---|---|
2014 | 10.1109/CSF.2014.12 | Computer Security Foundations Symposium |
Keywords | Field | DocType |
logic programming,program diagnostics,security of data,IFC,abstract interpretation,information flow control,information flow monitoring,noninterference form,relational logic policy,security policy,Information flow,abstract interpretation,declassification,endorsement,relational logic,run-time monitoring | Information flow (information theory),Programming language,Abstract interpretation,Computer science,Declassification,Communication channel,Input/output,Theoretical computer science,Relational logic,Security policy,Semantics | Conference |
ISSN | Citations | PageRank |
1063-6900 | 13 | 0.51 |
References | Authors | |
30 | 3 | |
Name | Order | Citations | PageRank |
|---|---|---|---|
| Andrey Chudnov | 1 | 180 | 7.97 |
| George Kuan | 2 | 13 | 0.51 |
| David Naumann | 3 | 1101 | 84.12 |