Article

Localized delimited release: combining the what and where dimensions of information release

Authors:
Aslan Askarov

Chalmers University of Technology, Göteborg, Sweden

Chalmers University of Technology, Göteborg, Sweden
View Profile

,
Andrei Sabelfeld

Chalmers University of Technology, Göteborg, Sweden

Chalmers University of Technology, Göteborg, Sweden
View Profile

PLAS '07: Proceedings of the 2007 workshop on Programming languages and analysis for securityJune 2007Pages 53–60https://doi.org/10.1145/1255329.1255339

Published:14 June 2007Publication History

PLAS '07: Proceedings of the 2007 workshop on Programming languages and analysis for security

Pages 53–60

ABSTRACT

Information release (or declassification) policies are the key challenge for language-based information security. Although much progress has been made, different approaches to information release tend to address different aspects of information release. In a recent classification, these aspects are referred to as what, who, where, and when dimensions of declassification. In order to avoid information laundering, it is important to combine defense along the different dimensions. As a step in this direction, this paper presents a combination of what and where information release policies. Moreover, we show that a minor modification of a security type system from the literature (which was designed for treating the what dimension) in fact enforces the combination of what and where policies

References

M. Abadi, A. Banerjee, N. Heintze, and J. Riecke. A core calculus of dependency. In Proc. ACM Symp. on Principles of Programming Languages, pages 147--160, January 1999. Google ScholarDigital Library
A. Askarov and A. Sabelfeld. Gradual release: Unifying declassification, encryption and key release policies. In Proc. IEEE Symp. on Security and Privacy, May 2007. Google ScholarDigital Library
A. Bossi, C. Piazza, and S. Rossi. Modelling downgrading in information flow security. In Proc. IEEE Computer Security Foundations Workshop, pages 187--201, June 2004. Google ScholarDigital Library
N. Broberg and D. Sands. Flow locks: Towards a core calculus for dynamic flow policies. In Proc. European Symp. on Programming, volume 3924 of LNCS, pages 180--196. Springer-Verlag, 2006. Google ScholarDigital Library
S. Chong and A. C. Myers. Security policies for downgrading. In ACM Conference on Computer and Communications Security, pages 198--209, October 2004. Google ScholarDigital Library
E. S. Cohen. Information transmission in sequential programs. In R. A. DeMillo, D. P. Dobkin, A. K. Jones, and R. J. Lipton, editors, Foundations of Secure Computation, pages 297--335. Academic Press, 1978.Google Scholar
J. A. Goguen and J. Meseguer. Security policies and security models. In Proc. IEEE Symp. on Security and Privacy, pages 11--20, April 1982.Google ScholarCross Ref
R. Giacobazzi and I. Mastroeni. Abstract non-interference: Parameterizing non-interference by abstract interpretation. In Proc. ACM Symp. on Principles of Programming Languages, pages 186--197, January 2004. Google ScholarDigital Library
R. Giacobazzi and I. Mastroeni. Adjoining declassification and attack models by abstract interpretation. In Proc. European Symp. on Programming, volume 3444 of LNCS, pages 295--310. Springer-Verlag, April 2005. Google ScholarDigital Library
R. Joshi and K. R. M. Leino. A semantic approach to secure information flow. Science of Computer Programming, 37(1-3):113--138, 2000. Google ScholarDigital Library
P. Li and S. Zdancewic. Downgrading policies and relaxed noninterference. In Proc. ACM Symp. on Principles of Programming Languages, pages 158--170, January 2005. Google ScholarDigital Library
H. Mantel. Information flow control and applications¿Bridging a gap. In Proc. Formal Methods Europe, volume 2021 of LNCS, pages 153--172. Springer-Verlag, March 2001. Google ScholarDigital Library
H. Mantel and A. Reinhard. Controlling the what and where of declassification in language-based security. In Proc. European Symp. on Programming, volume 4421 of LNCS, pages 141--156. Springer-Verlag, 2007. Google ScholarDigital Library
H. Mantel and D. Sands. Controlled downgrading based on intransitive (non)interference. In Proc. Asian Symp. on Programming Languages and Systems, volume 3302 of LNCS, pages 129--145. Springer-Verlag, November 2004.Google ScholarCross Ref
J. Mullins. Non-deterministic admissible interference. J. of Universal Computer Science, 6(11):1054--1070, 2000.Google Scholar
S. Pinsky. Absorbing covers and intransitive non-interference. In Proc. IEEE Symp. on Security and Privacy, pages 102--113, May 1995. Google ScholarDigital Library
F. Prost. On the semantics of non-interference type-based analyses. In JFLA¿001, Journ' ees Francophones des Langages Applicatifs, January 2001.Google Scholar
A. W. Roscoe and M. H. Goldsmith. What is intransitive non-interference? In Proc. IEEE Computer Security Foundations Workshop, pages 228--238, June 1999. Google ScholarDigital Library
P. Ryan and S. Schneider. Process algebra and non-interference. In Proc. IEEE Computer Security Foundations Workshop, pages 214--227, June 1999. Google ScholarDigital Library
J. M. Rushby. Noninterference, transitivity, and channel-control security policies. Technical Report CSL-92-02, SRI International, 1992.Google Scholar
A. Sabelfeld and A. C. Myers. Language-based information-flow security. IEEE J. Selected Areas in Communications, 21(1):5--19, January 2003.Google ScholarDigital Library
A. Sabelfeld and A. C. Myers. A model for delimited information release. In Proc. International Symp. on Software Security (ISSS¿03), volume 3233 of LNCS, pages 174--191. Springer-Verlag, October 2004.Google ScholarCross Ref
A. Sabelfeld and D. Sands. A per model of secure information flow in sequential programs. Higher Order and Symbolic Computation, 14(1):59--91, March 2001. Google ScholarDigital Library
A. Sabelfeld and D. Sands. Dimensions and principles of declassification. In Proc. IEEE Computer Security Foundations Workshop, pages 255--269, June 2005. Google ScholarDigital Library
A. Sabelfeld and D. Sands. Declassification: Dimensions and principles. J. Computer Security, 2007. To appear. Google ScholarDigital Library
D. Volpano, G. Smith, and C. Irvine. A sound type system for secure flow analysis. J. Computer Security, 4(3):167--187, 1996. Google ScholarDigital Library
S. Zdancewic. Challenges for information-flow security. In Proc. Programming Language Interference and Dependence (PLID), August 2004.Google Scholar

Index Terms

Localized delimited release: combining the what and where dimensions of information release
1. Security and privacy
2. Social and professional topics
  1. Computing / technology policy
    1. Computer crime

Recommendations

Security policies for downgrading
CCS '04: Proceedings of the 11th ACM conference on Computer and communications security

A long-standing problem in information security is how to specify and enforce expressive security policies that control information flow while also permitting information release (i.e., declassification) where appropriate. This paper presents security ...
Read More
Enforcing robust declassification and qualified robustness
Special issue on CSFW17

Noninterference requires that there is no information flow from sensitive to public data in a given system. However, many systems release sensitive information as part of their intended function and therefore violate noninterference. To control ...
Read More
End-to-End Enforcement of Erasure and Declassification
CSF '08: Proceedings of the 2008 21st IEEE Computer Security Foundations Symposium

Declassification occurs when the confidentiality of information is weakened; erasure occurs when the confidentiality of information is strengthened, perhaps to the point of completely removing the information from the system. This paper shows how to ...
Read More

Comments

Login options

Check if you have access through your login credentials or your institution to get full access on this article.

Full Access

Get this Publication

Published in
PLAS '07: Proceedings of the 2007 workshop on Programming languages and analysis for security
June 2007
122 pages
ISBN:9781595937117
DOI:10.1145/1255329
General Chair:
Michael Hicks
University of Maryland, College Park, USA
Copyright © 2007 ACM
Permission to make digital or hard copies of all or part of this work for personal or classroom use is granted without fee provided that copies are not made or distributed for profit or commercial advantage and that copies bear this notice and the full citation on the first page. Copyrights for components of this work owned by others than ACM must be honored. Abstracting with credit is permitted. To copy otherwise, or republish, to post on servers or to redistribute to lists, requires prior specific permission and/or a fee. Request permissions from [email protected]
Sponsors
In-Cooperation
Publisher
Association for Computing Machinery
New York, NY, United States
Publication History
- Published: 14 June 2007
Permissions
Request permissions about this article.
Request Permissions

Check for updates
Author Tags
de-classification
downgrading
information flow
noninterference
security policies
Qualifiers
- Article
Conference

Acceptance Rates
Overall Acceptance Rate43of77submissions,56%
Upcoming Conference
PLDI '24

Sponsor:

sigplan

ACM SIGPLAN Conference on Programming Language Design and Implementation

June 24 - 28, 2024

Copenhagen , Denmark
Funding Sources
Other Metrics
View Article Metrics

Article Metrics
- 43
  Total Citations
  View Citations
- 264
  Total Downloads
- Downloads (Last 12 months)12
- Downloads (Last 6 weeks)1
Other Metrics
View Author Metrics
Cited By
View all

PDF Format

View or Download as a PDF file.

PDF

eReader

View online with eReader.

eReader

Localized delimited release: combining the what and where dimensions of information release

PLAS '07: Proceedings of the 2007 workshop on Programming languages and analysis for security

ABSTRACT

References

Cited By

Index Terms

Recommendations

Security policies for downgrading

Enforcing robust declassification and qualified robustness

End-to-End Enforcement of Erasure and Declassification