Stephen Chong, Andrew C. Myers
Citation
Stephen Chong, Andrew C. Myers. "Decentralized Robustness". Proceedings of the 19th IEEE Computer Security Foundations Workshop, 242-253, July, 2006.
Abstract
Robustness links confidentiality and integrity properties of a computing
system and has been identified as a useful property for characterizing
and enforcing security. Previous characterizations of robustness have
been with respect to a single idealized attacker; this paper shows how
to define robustness for systems with mutual distrust. Further, we
demonstrate that the decentralized label model (DLM) can be extended to
support fine-grained reasoning about robustness in such systems. The DLM
is a natural choice for capturing robustness requirements because
decentralized labels are explicitly expressed in terms of principals
that can be used to characterize the power of attackers across both the
confidentiality and integrity axes. New rules are proposed for
statically checking robustness and qualified robustness using an
extended DLM; the resulting type system is shown to soundly enforce
robustness. Finally, sound approximations are developed for checking
programs with bounded but unknown label parameters, which is useful for
security-typed languages. In sum, the paper shows how to use robustness
to gain assurance about secure information flow and information release
in systems with complex security requirements.
Electronic downloads
| Citation formats |
- HTML
Stephen Chong, Andrew C. Myers. <a href="http://www.truststc.org/pubs/455.html" >Decentralized Robustness</a>, Proceedings of the 19th IEEE Computer Security Foundations Workshop, 242-253, July, 2006.
- Plain text
Stephen Chong, Andrew C. Myers. "Decentralized Robustness". Proceedings of the 19th IEEE Computer Security Foundations Workshop, 242-253, July, 2006.
- BibTeX
@inproceedings{ChongMyers06_DecentralizedRobustness, author = {Stephen Chong and Andrew C. Myers}, title = {Decentralized Robustness}, booktitle = {Proceedings of the 19th IEEE Computer Security Foundations Workshop}, pages = {242-253}, month = {July}, year = {2006}, abstract = {Robustness links confidentiality and integrity properties of a computing system and has been identified as a useful property for characterizing and enforcing security. Previous characterizations of robustness have been with respect to a single idealized attacker; this paper shows how to define robustness for systems with mutual distrust. Further, we demonstrate that the decentralized label model (DLM) can be extended to support fine-grained reasoning about robustness in such systems. The DLM is a natural choice for capturing robustness requirements because decentralized labels are explicitly expressed in terms of principals that can be used to characterize the power of attackers across both the confidentiality and integrity axes. New rules are proposed for statically checking robustness and qualified robustness using an extended DLM; the resulting type system is shown to soundly enforce robustness. Finally, sound approximations are developed for checking programs with bounded but unknown label parameters, which is useful for security-typed languages. In sum, the paper shows how to use robustness to gain assurance about secure information flow and information release in systems with complex security requirements.}, URL = {http://www.truststc.org/pubs/455.html} }
Posted by Andrew C. Myers, Ph.D. on 22 Aug 2008.
For additional information, see the
Publications FAQ or
contact webmaster at www truststc org.
Notice: This material is presented to ensure timely dissemination of scholarly and technical work. Copyright and all rights therein are retained by authors or by other copyright holders. All persons copying this information are expected to adhere to the terms and constraints invoked by each author's copyright.