Title :
Stateful Declassification Policies for Event-Driven Programs
Author :
Vanhoef, Mathy ; De Groef, Willem ; Devriese, Dominique ; Piessens, Frank ; Rezk, Tamara
Author_Institution :
iMinds-DistriNe, KU Leuven, Leuven, Belgium
Abstract :
We propose a novel mechanism for enforcing information flow policies with support for declassification on event-driven programs. Declassification policies consist of two functions. First, a projection function specifies for each confidential event what information in the event can be declassified directly. This generalizes the traditional security labelling of inputs. Second, a stateful release function specifies the aggregate information about all confidential events seen so far that can be declassified. We provide evidence that such declassification policies are useful in the context of Java Script web applications. An enforcement mechanism for our policies is presented and its soundness and precision is proven. Finally, we give evidence of practicality by implementing and evaluating the mechanism in a browser.
Keywords :
object-oriented programming; pattern classification; security of data; Java Script Web applications; aggregate information; confidential events; enforcement mechanism; event-driven programs; information flow policy; projection function; security labelling; stateful declassification policy; stateful release function; Browsers; Global Positioning System; Labeling; Monitoring; Observers; Presses; Security;
Conference_Titel :
Computer Security Foundations Symposium (CSF), 2014 IEEE 27th
Conference_Location :
Vienna
DOI :
10.1109/CSF.2014.28
