Required Information Release

Author

Chong, Stephen

Author_Institution

Sch. of Eng. & Appl. Sci., Harvard Univ., Cambridge, MA, USA

fYear

2010

Firstpage

215

Lastpage

227

Abstract

Many computer systems have a functional requirement to release information. Such requirements are an important part of a system´s information security requirements. Current information-flow control techniques are able to reason about permitted information flows, but not required information flows. In this paper, we introduce and explore the specification and enforcement of required information release in a language-based setting. We define semantic security conditions that express both what information a program is required to release, and how an observer is able to learn this information. We also consider the relationship between permitted and required information release, and define bounded release, which provides upper- and lower-bounds on the information a program releases. We show that both required information release and bounded release can be enforced using a security-type system.

Keywords

security of data; bounded release; computer systems; information-flow control techniques; language-based setting; lower bounds; program information release; security-type system; semantic security conditions; system information security; Credit cards; Information security; Joints; Marketing and sales; Observers; Semantics; Information flow; algorithmic knowledge; declassification; information release;

fLanguage

English

Publisher

ieee

Conference_Titel

Computer Security Foundations Symposium (CSF), 2010 23rd IEEE

Conference_Location

Edinburgh

ISSN

1940-1434

Print_ISBN

978-1-4244-7510-0

Electronic_ISBN

1940-1434

Type

conf

DOI

10.1109/CSF.2010.22

Filename

5552644