Secure Information Flow as a Safety Problem

Secure Information Flow as a Safety Problem
T. Terauchi, A. Aiken

Citation
T. Terauchi, A. Aiken. "Secure Information Flow as a Safety Problem". 12th International Static Analysis Symposium,, 352-367, September, 2005.

Abstract
The termination insensitive secure information flow problem can be reduced to solving a safety problem via a simple program transformation. Barthe, D’Argenio, and Rezk coined the term “self-composition” to describe this reduction. This paper generalizes the self-compositional approach with a form of information downgrading recently proposed by Li and Zdancewic. We also identify a problem with applying the self-compositional approach in practice, and we present a solution to this problem that makes use of more traditional type-based approaches. The result is a framework that combines the best of both worlds, i.e., better than traditional type-based approaches and better than the selfcompositional approach.

Electronic downloads

http://theory.stanford.edu/~aiken/publications/papers/sas05b.pdf

Citation formats

HTML

T. Terauchi, A. Aiken. <a
href="http://www.truststc.org/pubs/617.html"
>Secure Information Flow as a Safety Problem</a>,
12th International Static Analysis Symposium,, 352-367,
September, 2005.

Plain text

T. Terauchi, A. Aiken. "Secure Information Flow as a
Safety Problem". 12th International Static Analysis
Symposium,, 352-367, September, 2005.

BibTeX

@inproceedings{TerauchiAiken05_SecureInformationFlowAsSafetyProblem,
    author = {T. Terauchi and A. Aiken},
    title = {Secure Information Flow as a Safety Problem},
    booktitle = {12th International Static Analysis Symposium,},
    pages = {352-367},
    month = {September},
    year = {2005},
    abstract = {The termination insensitive secure information
              flow problem can be reduced to solving a safety
              problem via a simple program transformation.
              Barthe, Dâ��Argenio, and Rezk coined the term
              â��self-compositionâ�� to describe this reduction.
              This paper generalizes the self-compositional
              approach with a form of information downgrading
              recently proposed by Li and Zdancewic. We also
              identify a problem with applying the
              self-compositional approach in practice, and we
              present a solution to this problem that makes use
              of more traditional type-based approaches. The
              result is a framework that combines the best of
              both worlds, i.e., better than traditional
              type-based approaches and better than the
              selfcompositional approach.},
    URL = {http://www.truststc.org/pubs/617.html}
}

Posted by Jessica Gamble on 18 Mar 2009.
For additional information, see the Publications FAQ or contact webmaster at www truststc org.

Notice: This material is presented to ensure timely dissemination of scholarly and technical work. Copyright and all rights therein are retained by authors or by other copyright holders. All persons copying this information are expected to adhere to the terms and constraints invoked by each author's copyright.