Language-based information-flow security

Author

Sabelfeld, Andrei ; Myers, Andrew C.

Author_Institution

Comput. Sci. Dept., Cornell Univ., Ithaca, NY, USA

Volume

21

Issue

1

fYear

2003

fDate

1/1/2003 12:00:00 AM

Firstpage

5

Lastpage

19

Abstract

Current standard security practices do not provide substantial assurance that the end-to-end behavior of a computing system satisfies important security policies such as confidentiality. An end-to-end confidentiality policy might assert that secret input data cannot be inferred by an attacker through the attacker´s observations of system output; this policy regulates information flow. Conventional security mechanisms such as access control and encryption do not directly address the enforcement of information-flow policies. Previously, a promising new approach has been developed: the use of programming-language techniques for specifying and enforcing information-flow policies. In this paper, we survey the past three decades of research on information-flow security, particularly focusing on work that uses static program analysis to enforce information-flow policies. We give a structured view of work in the area and identify some important open challenges.

Keywords

computer networks; programming languages; reviews; security of data; telecommunication security; attacker; computing system; confidentiality; covert channels; end-to-end behavior; information-flow policies; language-based information-flow security; programming-language techniques; secret input data; security policies; static program analysis; Access control; Computer security; Concurrent computing; Cryptography; Data security; Information analysis; Information security; Information systems; Military computing; Protection;

fLanguage

English

Journal_Title

Selected Areas in Communications, IEEE Journal on

Publisher

ieee

ISSN

0733-8716

Type

jour

DOI

10.1109/JSAC.2002.806121

Filename

1159651