Managing Policy Updates in Security-Typed Languages

Venice, Italy July 05-July 07

DOI Bookmark:

http://doi.ieeecomputersociety.org/10.1109/CSFW.2006.17

19th IEEE Computer Security Foundatio ...

	This Article
	PURCHASE ARTICLE: $19 PDF HTML IEEE Xplore Subscribers
	Share
	Email this Article to a friend
	Bibliographic References
	ASCII Text BibTex RefWorks Procite/RefMan/Endnote
	Add to:
	Digg Furl Spurl Blink Simpy Google Del.icio.us Y!MyWeb
	Search
	Similar Articles Articles by Nikhil Swamy Articles by Michael Hicks Articles by Stephen Tse Articles by Steve Zdancewic

	ASCII Text	x
	Nikhil Swamy, Michael Hicks, Stephen Tse, Steve Zdancewic, "Managing Policy Updates in Security-Typed Languages," Computer Security Foundations Workshop, IEEE, pp. 202-216, 19th IEEE Computer Security Foundations Workshop (CSFW'06), 2006.

	BibTex	x
	@article{ 10.1109/CSFW.2006.17, author = {Nikhil Swamy and Michael Hicks and Stephen Tse and Steve Zdancewic}, title = {Managing Policy Updates in Security-Typed Languages}, journal ={Computer Security Foundations Workshop, IEEE}, volume = {0}, year = {2006}, issn = {1063-6900}, pages = {202-216}, doi = {http://doi.ieeecomputersociety.org/10.1109/CSFW.2006.17}, publisher = {IEEE Computer Society}, address = {Los Alamitos, CA, USA}, }

	RefWorks Procite/RefMan/Endnote	x
	TY - CONF JO - Computer Security Foundations Workshop, IEEE TI - Managing Policy Updates in Security-Typed Languages SN - 1063-6900 SP202 EP216 A1 - Nikhil Swamy, A1 - Michael Hicks, A1 - Stephen Tse, A1 - Steve Zdancewic, PY - 2006 KW - null VL - 0 JA - Computer Security Foundations Workshop, IEEE ER -

Nikhil Swamy, University of Maryland, USA

Michael Hicks, University of Maryland, USA

Stephen Tse, University of Pennsylvania, USA

Steve Zdancewic, University of Pennsylvania, USA

This paper presents RX, a new security-typed programming language with features intended to make the management of information-flow policies more practical. Security labels in RX, in contrast to prior approaches, are defined in terms of owned roles, as found in the RT rolebased trust-management framework. Role-based security policies allow flexible delegation, and our language RX provides constructs through which programs can robustly update policies and react to policy updates dynamically. Our dynamic semantics use statically verified transactions to eliminate illegal information flows across updates, which we call transitive flows. Because policy updates can be observed through dynamic queries, policy updates can potentially reveal sensitive information. As such, RX considers policy statements themselves to be potentially confidential information and subject to information-flow metapolicies.

Citation:

Nikhil Swamy, Michael Hicks, Stephen Tse, Steve Zdancewic, "Managing Policy Updates in Security-Typed Languages," csfw, pp.202-216, 19th IEEE Computer Security Foundations Workshop (CSFW'06), 2006

Peer Review Notice | Give Us Feedback

Usage of this product signifies your acceptance of the Terms of Use.