• DocumentCode
    1601391
  • Title

    Expressive Declassification Policies and Modular Static Enforcement

  • Author

    Banerjee, Anindya ; Naumann, David A. ; Rosenberg, Stan

  • Author_Institution
    Microsoft Res., Kansas State Univ., Redmond, WA
  • fYear
    2008
  • Firstpage
    339
  • Lastpage
    353
  • Abstract
    This paper provides a way to specify expressive declassification policies, in particular, when, what, and where policies that include conditions under which downgrading is allowed. Secondly, an end-to-end semantic property is introduced, based on a model that allows observations of intermediate low states as well as termination. An attacker´s knowledge only increases at explicit declassification steps, and within limits set by policy. Thirdly, static enforcement is provided by combining type-checking with program verification techniques applied to the small subprograms that carry out declassifications. Enforcement is proved sound for a simple programming language and the extension to object-oriented programs is described.
  • Keywords
    object-oriented languages; program verification; semantic networks; end-to-end semantic property; expressive declassification policies; modular static enforcement; object-oriented programs; program verification techniques; programming language; static enforcement; type-checking; Access control; Computer languages; Costs; Cryptography; Data security; Information security; Object oriented modeling; Power system modeling; Privacy; Protection; declassification; downgrading; information flow; verification;
  • fLanguage
    English
  • Publisher
    ieee
  • Conference_Titel
    Security and Privacy, 2008. SP 2008. IEEE Symposium on
  • Conference_Location
    Oakland, CA
  • ISSN
    1081-6011
  • Print_ISBN
    978-0-7695-3168-7
  • Type

    conf

  • DOI
    10.1109/SP.2008.20
  • Filename
    4531163
    • Link To Document
    https://search.isc.ac/dl/search/defaultta.aspx?DTC=49&DC=1601391