Article

Handling declared information leakage: extended abstract

Authors:

F. ProstAuthors Info & Claims

WITS '05: Proceedings of the 2005 workshop on Issues in the theory of security

Pages 1 - 4

https://doi.org/10.1145/1045405.1045406

Published: 10 January 2005 Publication History

Abstract

We address the problem of controlling information leakage in a concurrent declarative programming setting. Our aim is to define formal tools in order to distinguish between authorized, or declared, information flows such as password testing (e.g., ATM, login processes, etc.) and non-authorized ones. We propose to define security policies as rewriting systems. Such policies define how the privacy levels of information evolve. A formal definition of secure processes with respect to a given security policy is given.

References

[1]

G. Boudol and I. Castellani. Noninterference for concurrent programs and thread systems. Theoretical Computer Science, 281(1):109--130, 2002. Special issue: "Merci, Maurice, A mosaic in honour of Maurice Nivat" (P.-L. Curien, Ed.).]]

Digital Library

[2]

R. Echahed and F. Prost. Handling harmless interference (preliminary version). 2003. Available at http://www.leibniz.imag.fr/LesCahiers/Cahier82/ResumCahier82.html.]]

[3]

R. Echahed, F. Prost, and W. Serwe. Statically assuring secrecy for dynamic concurrent processes. 2003. proceedings of PPDP'03, preliminary version avalaible at http://www.leibniz.imag.fr/LesCahiers/2002/Cahier40/ResumCahier40.html.]]

Digital Library

[4]

R. Echahed and W. Serwe. Combining mobile processes and declarative programming. In J. Lloyd et al., editors, Proceedings of the 1stInternational Conference on Computational Logic (CL 2000), volume 1861 of Lecture Notes in Artificial Intelligence, pages 300--314, London, July 2000. Springer Verlag.]]

Digital Library

[5]

R. Echahed and W. Serwe. Integrating action definitions into concurrent declarative programming. Electronic Notes in Theoretical Computer Science, 64, Sept. 2002. special issue: selected papers of the International Workshop on Functional and (Constraint) Logic Programming (WFLP 2001).]]

[6]

R. Giacobazzi and I. Mastroeni. Abstract non-interference. In Proceedings of the 31th ACM SIGPLAN-SIGACT Symposium on Principles of Programming Languages (POPL'04), Venice, Italy, Jan. 2004.]]

Digital Library

[7]

J. Goguen and J. Meseguer. Security policies and security models. In IEEE Symposium on Security and Privacy, pages 11--20. IEEE Computer Society Press, 1982.]]

[8]

H. Mantel and D. Sands. Controlled declassification based on intransitive noninterference. In 2nd ASIAN Symposium on Programming Languages and Systems, 2004.]]

[9]

A. C. Myers, A. Sabelfeld, and S. Zdancewic. Enforcing robust declassification. In 17th IEEE Computer Security Foundations Workshop, pages 172--186, 2004.]]

Digital Library

[10]

A. D. Pierro, C. Hankin, and H. Wiklicky. Approximate confinement under uniform attacks. In M. V. Hermenegildo and G. Puebla, editors, SAS'02 - Static Analysis, 9th International Symposium, number 2477 in Lecture Notes in Computer Science, Madrid, Spain, September 2002. Springer.]]

Digital Library

[11]

A. D. Pierro, C. Hankin, and H. Wiklicky. Approximate non-interference. In CSFW'02 - 15th IEEE Computer Security Foundations Workshop, Cape Breton, Nova Scotia, Canada, 2002.]]

Digital Library

[12]

P. Ryan, J. McLean, J. Millen, and V. Gilgor. Non-interference, who needs it? In CSFW'01 - 14th IEEE Computer Security Foundations Workshop, pages 237--238, Cape Breton, Nova Scotia, Canada, June 2001.]]

Digital Library

[13]

G. Smith and D. M. Volpano. Secure information flow in a multi-threaded imperative language. In Proceedings of the 25th ACM SIGPLAN-SIGACT Symposium on Principles of Programming Languages (POPL '98), pages 355--364, San Diego, Jan. 1998.]]

Digital Library

[14]

S. Zdancewic. A type system for robust declassification. In Annual Conference on the Mathematical Foundations of Programming Semantics, 2003.]]

Digital Library

[15]

S. Zdancewic and A. Myers. Robust declassification. In Proceedings of 14th IEEE CSFW, pages 15--23, Cape Breton, Nova Scotia, Canada, June 2001., 2001.]]

Digital Library

Cited By

Prost F(2011)Enforcing Dynamic Interference Policy2011 IEEE Third Int'l Conference on Privacy, Security, Risk and Trust and 2011 IEEE Third Int'l Conference on Social Computing10.1109/PASSAT/SocialCom.2011.17(1111-1118)Online publication date: Oct-2011
https://doi.org/10.1109/PASSAT/SocialCom.2011.17
Sabelfeld ASands D(2009)Declassification: Dimensions and principlesJournal of Computer Security10.5555/1662658.166265917:5(517-548)Online publication date: 1-Oct-2009
https://dl.acm.org/doi/10.5555/1662658.1662659
Echahed RProst FBarahona PFelty A(2005)Security policy in a declarative styleProceedings of the 7th ACM SIGPLAN international conference on Principles and practice of declarative programming10.1145/1069774.1069789(153-163)Online publication date: 11-Jul-2005
https://dl.acm.org/doi/10.1145/1069774.1069789
Show More Cited By

Handling declared information leakage: extended abstract
1. Security and privacy
  1. Systems security

Recommendations

Handling dynamic information release
ICISC'07: Proceedings of the 10th international conference on Information security and cryptology

Information flow and in particular noninterference ensure that sensitive information does not affect public information. But noninterference is too restrictive: real computing systems sometimes need to dynamically release certain amount of sensitive ...
Handling Dynamic Information Release
Information Security and Cryptology - ICISC 2007
Abstract
Information flow and in particular noninterference ensure that sensitive information does not affect public information. But noninterference is too restrictive: real computing systems sometimes need to dynamically release certain amount of ...
Avoiding information leakage in security-policy-aware planning
WPES '08: Proceedings of the 7th ACM workshop on Privacy in the electronic society

In early computer systems only simple actions would be governed by security policies. However, computers are increasingly handling complex organizational tasks which may have complex preconditions and postconditions. As such, it is useful to be able to ...

Comments

Information & Contributors

Information

Published In

cover image ACM Conferences

WITS '05: Proceedings of the 2005 workshop on Issues in the theory of security

January 2005

90 pages

ISBN:1581139802

DOI:10.1145/1045405

Conference Chair:
Catherine Meadows
Naval Research Laboratory

Copyright © 2005 ACM.

Permission to make digital or hard copies of all or part of this work for personal or classroom use is granted without fee provided that copies are not made or distributed for profit or commercial advantage and that copies bear this notice and the full citation on the first page. Copyrights for components of this work owned by others than ACM must be honored. Abstracting with credit is permitted. To copy otherwise, or republish, to post on servers or to redistribute to lists, requires prior specific permission and/or a fee. Request permissions from [email protected]

Sponsors

SIGPLAN: ACM Special Interest Group on Programming Languages

Publisher

Association for Computing Machinery

New York, NY, United States

Publication History

Published: 10 January 2005

Permissions

Request permissions for this article.

Request Permissions

Check for updates

Qualifiers

Article

Conference

WITS05

Sponsor:

SIGPLAN

WITS05: Workshop on Issues in the Theory of Security 2005 ( co-located with POPL 2005 Conference )

January 10 - 11, 2005

California, Long Beach

Upcoming Conference

Contributors

Other Metrics

View Article Metrics

Bibliometrics & Citations

Bibliometrics

Article Metrics

4
Total Citations
View Citations
222
Total Downloads

Downloads (Last 12 months)0
Downloads (Last 6 weeks)0

Reflects downloads up to 05 Mar 2025

Other Metrics

View Author Metrics

Citations

Cited By

Prost F(2011)Enforcing Dynamic Interference Policy2011 IEEE Third Int'l Conference on Privacy, Security, Risk and Trust and 2011 IEEE Third Int'l Conference on Social Computing10.1109/PASSAT/SocialCom.2011.17(1111-1118)Online publication date: Oct-2011
https://doi.org/10.1109/PASSAT/SocialCom.2011.17
Sabelfeld ASands D(2009)Declassification: Dimensions and principlesJournal of Computer Security10.5555/1662658.166265917:5(517-548)Online publication date: 1-Oct-2009
https://dl.acm.org/doi/10.5555/1662658.1662659
Echahed RProst FBarahona PFelty A(2005)Security policy in a declarative styleProceedings of the 7th ACM SIGPLAN international conference on Principles and practice of declarative programming10.1145/1069774.1069789(153-163)Online publication date: 11-Jul-2005
https://dl.acm.org/doi/10.1145/1069774.1069789
Sabelfeld ASands D(2005)Dimensions and Principles of DeclassificationProceedings of the 18th IEEE workshop on Computer Security Foundations10.1109/CSFW.2005.15(255-269)Online publication date: 20-Jun-2005
https://dl.acm.org/doi/10.1109/CSFW.2005.15

View Options

Login options

Check if you have access through your login credentials or your institution to get full access on this article.

Full Access

Get this Publication

View options

PDF

View or Download as a PDF file.

eReader

View online with eReader.

Figures

Tables

Media

View Table of Conten