Expressive Declassification Policies and Modular Static Enforcement

May 18-May 21

DOI Bookmark:

http://doi.ieeecomputersociety.org/10.1109/SP.2008.20

2008 IEEE Symposium on Security and P ...

	This Article
	PURCHASE ARTICLE: $19 PDF HTML IEEE Xplore Subscribers
	Share
	Email this Article to a friend
	Bibliographic References
	ASCII Text BibTex RefWorks Procite/RefMan/Endnote
	Add to:
	Digg Furl Spurl Blink Simpy Google Del.icio.us Y!MyWeb
	Search
	Similar Articles Articles by Anindya Banerjee Articles by David A. Naumann Articles by Stan Rosenberg

	ASCII Text	x
	Anindya Banerjee, David A. Naumann, Stan Rosenberg, "Expressive Declassification Policies and Modular Static Enforcement," Security and Privacy, IEEE Symposium on, pp. 339-353, 2008 IEEE Symposium on Security and Privacy (sp 2008), 2008.

	BibTex	x
	@article{ 10.1109/SP.2008.20, author = {Anindya Banerjee and David A. Naumann and Stan Rosenberg}, title = {Expressive Declassification Policies and Modular Static Enforcement}, journal ={Security and Privacy, IEEE Symposium on}, volume = {0}, year = {2008}, isbn = {978-0-7695-3168-7}, pages = {339-353}, doi = {http://doi.ieeecomputersociety.org/10.1109/SP.2008.20}, publisher = {IEEE Computer Society}, address = {Los Alamitos, CA, USA}, }

	RefWorks Procite/RefMan/Endnote	x
	TY - CONF JO - Security and Privacy, IEEE Symposium on TI - Expressive Declassification Policies and Modular Static Enforcement SN - 978-0-7695-3168-7 SP339 EP353 A1 - Anindya Banerjee, A1 - David A. Naumann, A1 - Stan Rosenberg, PY - 2008 KW - information flow KW - downgrading KW - declassification KW - verification VL - 0 JA - Security and Privacy, IEEE Symposium on ER -

Anindya Banerjee

David A. Naumann

Stan Rosenberg

This paper provides a way to specify expressive declassification policies, in particular, when, what, and where policies that include conditions under which downgrading is allowed. Secondly, an end-to-end semantic property is introduced, based on a model that allows observations of intermediate low states as well as termination. An attacker's knowledge only increases at explicit declassification steps, and within limits set by policy. Thirdly, static enforcement is provided by combining type-checking with program verification techniques applied to the small subprograms that carry out declassifications. Enforcement is proved sound for a simple programming language and the extension to object-oriented programs is described.

Index Terms:

information flow, downgrading, declassification, verification

Citation:

Anindya Banerjee, David A. Naumann, Stan Rosenberg, "Expressive Declassification Policies and Modular Static Enforcement," sp, pp.339-353, 2008 IEEE Symposium on Security and Privacy (sp 2008), 2008

Peer Review Notice | Give Us Feedback

Usage of this product signifies your acceptance of the Terms of Use.