Managing policy updates in security-typed languages

Author

Swamy, Nikhil ; Hicks, Michael ; Tse, Stephen ; Zdancewic, Steve

Author_Institution

Maryland Univ., College Park, MD

fYear

0

fDate

0-0 0

Lastpage

216

Abstract

This paper presents Rx, a new security-typed programming language with features intended to make the management of information-flow policies more practical. Security labels in Rx, in contrast to prior approaches, are defined in terms of owned roles, as found in the RT role-based trust-management framework. Role-based security policies allow flexible delegation, and our language Rx provides constructs through which programs can robustly update policies and react to policy updates dynamically. Our dynamic semantics use statically verified transactions to eliminate illegal information flows across updates, which we call transitive flows. Because policy updates can be observed through dynamic queries, policy updates can potentially reveal sensitive information. As such, Rx considers policy statements themselves to be potentially confidential information and subject to information-flow metapolicies

Keywords

high level languages; security of data; RT role-based trust-management framework; Rx security-typed programming language; dynamic queries; dynamic semantics; information-flow policy management; policy update management; role-based security policies; statically verified transactions; transitive flows; Access control; Computer languages; Data security; Database systems; Educational institutions; Information security; Lattices; Network servers; Operating systems; Robustness;

fLanguage

English

Publisher

ieee

Conference_Titel

Computer Security Foundations Workshop, 2006. 19th IEEE

Conference_Location

Venice

ISSN

1063-6900

Print_ISBN

0-7695-2615-2

Type

conf

DOI

10.1109/CSFW.2006.17

Filename

1648719