Enforcing Robust Declassification and Qualified Robustness

Andrew C. Myers, Andrei Sabelfeld, Steve Zdancewic, Riccardo Focardi
2006 Journal of Computer Security  
It describes a simple way to provably enforce this robustness property through a type-based compile-time program analysis.  ...  This paper shows that a robustness property can be used to characterize programs in which declassification mechanisms cannot be controlled by attackers to release more information than intended.  ...  Acknowledgments Thanks are due to David Naumann, David Sands, Stephen Chong, Daniel Hedin, Fred Schneider, and the anonymous reviewers for their useful feedback.  ... 
doi:10.3233/jcs-2006-14203 fatcat:tnahsmwtnfb7tfwx5g2aqfg6q4

It's My Privilege: Controlling Downgrading in DC-Labels [chapter]

Lucas Waye, Pablo Buiras, Dan King, Stephen Chong, Alejandro Russo
2015 Lecture Notes in Computer Science  
We extend DC-labels with the novel notions of bounded privileges and robust privileges. Bounded privileges specify and enforce upper and lower bounds on the labels of data that may be downgraded.  ...  We provide sound and complete run-time security checks to ensure downgrading operations are robust.  ...  [16] enforce robust declassification with a security type system [19, 24], and introduce qualified robustness, which extends the concept to reason about endorsement.  ... 
doi:10.1007/978-3-319-24858-5_13 fatcat:3elaa6lgfnbcpgjg4rmtzhtq4y

A Semantic Framework for Declassification and Endorsement [chapter]

Aslan Askarov, Andrew Myers
2010 Lecture Notes in Computer Science  
The framework is flexible enough to recover and to improve on the previously introduced notions of robustness and qualified robustness.  ...  This approach yields novel security conditions for checked endorsements and robust integrity.  ...  The prior work also develops type systems for enforcing robust declassification, which are implemented as part of Jif [15]. However, the security conditions for robustness are not satisfactory.  ... 
doi:10.1007/978-3-642-11957-6_5 fatcat:nd72zgaapnflbie4fiw2qgee2u

Nonmalleable Information Flow Control

Ethan Cecchetti, Andrew C. Myers, Owen Arden
2017 Proceedings of the 2017 ACM SIGSAC Conference on Computer and Communications Security - CCS '17  
robust declassification and transparent endorsement.  ...  Robust declassification appeared to break the duality of confidentiality and integrity by making confidentiality depend on integrity, but transparent endorsement makes integrity depend on confidentiality  ...  Rx constrains updates to roles similarly to previous type systems that enforce robust declassification and qualified robustness but does not prevent opaque endorsements.  ... 
doi:10.1145/3133956.3134054 dblp:conf/ccs/CecchettiMA17 fatcat:m6argfqthfcxdpjfkvnrnqqeii

Declassification: Dimensions and principles

Andrei Sabelfeld, David Sands, J.D. Guttman
2009 Journal of Computer Security  
With a general declassification framework as a long-term goal, we identify some prudent principles of declassification.  ...  These principles shed light on existing definitions and may also serve as useful "sanity checks" for emerging models.  ...  Myers and Pablo Giambiagi for fruitful discussions.  ... 
doi:10.3233/jcs-2009-0352 fatcat:c6ngeq6bbrgnvfdc6r3jjqz77a

Attacker Control and Impact for Confidentiality and Integrity

Aslan Askarov, Andrew Myers, Michael Hicks
2011 Logical Methods in Computer Science  
The framework is flexible enough to recover and to improve on the previously introduced notions of robustness and qualified robustness.  ...  This approach yields novel security conditions for checked endorsements and robust integrity.  ...  The views and conclusions contained herein are those of the authors and should not be interpreted as necessarily representing the official policies  ... 
doi:10.2168/lmcs-7(3:17)2011 fatcat:ondjnwnxffdkjad5d6rvinymsa

Nonmalleable Information Flow: Technical Report [article]

Ethan Cecchetti and Andrew C. Myers and Owen Arden
2017 arXiv pre-print
robust declassification and transparent endorsement.  ...  Robust declassification appeared to break the duality of confidentiality and integrity by making confidentiality depend on integrity, but transparent endorsement makes integrity depend on confidentiality  ...  Tom Magrino, Yizhou Zhang, and the anonymous reviewers gave us useful feedback on the paper. Funding for this work was provided by NSF grants 1513797 and 1524052, and by a gift from Google.  ... 
arXiv:1708.08596v2 fatcat:5ycmxwn2rvfylcelme2brkbulq

A Model for Delimited Information Release [chapter]

Andrei Sabelfeld, Andrew C. Myers
2004 Lecture Notes in Computer Science  
In addition, a security type system is given that straightforwardly and provably enforces delimited release.  ...  However, many intuitively secure programs do allow some release, or declassification, of secret information (e.g., password checking, information purchase, and spreadsheet computation).  ...  Acknowledgment Thanks are due to Fabio Martinelli, David Sands, Eijiro Sumii, and Steve Zdancewic for helpful comments.  ... 
doi:10.1007/978-3-540-37621-7_9 fatcat:sr33oc572ncu3f4zsjewml6cim

A Dependently Typed Library for Static Information-Flow Control in Idris [chapter]

Simon Gregersen, Søren Eller Thomsen, Aslan Askarov
2019 Research Series on the Chinese Dream and China's Development Path  
Finally, we show novel and powerful means of specifying statically enforced declassification policies using dependent types.  ...  Pure functional programming languages, like Haskell, make it possible to enforce lightweight information-flow control through libraries like MAC by Russo.  ...  Thanks are due to Mathias Vorreiter Pedersen, Bas Spitters, Alejandro Russo, and Marco Vassena for their valuable insights and the anonymous reviewers for their comments on this paper.  ... 
doi:10.1007/978-3-030-17138-4_3 dblp:conf/post/GregersenTA19 fatcat:6czmxk7yubhjpoy5jlmlkgps4e

Flow-Limited Authorization

Owen Arden, Jed Liu, Andrew C. Myers
2015 2015 IEEE 28th Computer Security Foundations Symposium  
Enforcing the confidentiality and integrity of information is critical in distributed applications.  ...  Flame uses type-level constraints and monadic effects to statically enforce flow-limited authorization for Haskell programs in a modular way.  ...  One of these approaches, robust privileges, is conjectured to enforce a property analogous to robust declassification and qualified robustness in the DLM.  ... 
doi:10.1109/csf.2015.42 dblp:conf/csfw/ArdenLM15 fatcat:sxrbaf5vyffyfdhafjvqnqmyry

A Calculus for Flow-Limited Authorization

Owen Arden, Andrew C. Myers
2016 2016 IEEE 29th Computer Security Foundations Symposium (CSF)  
These guarantees include noninterference and robust declassification, which prevent attackers from influencing information disclosures in unauthorized ways.  ...  We prove these security properties formally for all FLAC programs and explore the expressiveness of FLAC with several examples.  ...  ACKNOWLEDGMENTS We thank Mike George, Elaine Shi, and Fred Schneider for helpful discussions, our anonymous reviewers for their comments and suggestions, and Jed Liu and Matt Stillerman for feedback on  ... 
doi:10.1109/csf.2016.17 dblp:conf/csfw/ArdenM16 fatcat:mplpyj3r4bef5ip6ojubabceem

Abstract non-interference

Roberto Giacobazzi, Isabella Mastroeni
2004 Proceedings of the 31st ACM SIGPLAN-SIGACT symposium on Principles of programming languages - POPL '04  
and reasoning about information-flow in programming languages.  ...  Due to its semantic-based approach and the generality of abstract interpretation and non-interference notions, abstract non-interference can be fairly considered as a unifying theory for understanding  ...  The key point of this paper is the proof that both robust and qualified declassification can be enforced by a compile-time program analysis based on a simple type system.  ... 
doi:10.1145/964001.964017 dblp:conf/popl/GiacobazziM04 fatcat:ne3s25yfdvcz5ojkzbi6nqg36q

Secure multi-execution: Fine-grained, declassification-aware, and transparent

Willard Rafnsson, Andrei Sabelfeld
2016 Journal of Computer Security  
Third, we introduce a declassification model for secure multi-execution that allows expressing what information can be released and where it can be released.  ...  Secure multi-execution (SME) is an elegant way to enforce security by executing a given program multiple times, once for each security level, while carefully dispatching inputs and ensuring that an execution  ...  Acknowledgments Thanks are due to Frank Piessens for generous feedback, and to Daniel Hedin, and David Sands for the useful discussions.  ... 
doi:10.3233/jcs-150541 fatcat:mwi3i4rod5bu3io4ltlfb2eq5u

Secure Multi-execution: Fine-Grained, Declassification-Aware, and Transparent

Willard Rafnsson, Andrei Sabelfeld
2013 2013 IEEE 26th Computer Security Foundations Symposium  
Third, we introduce a declassification model for secure multi-execution that allows expressing what information can be released and where it can be released.  ...  Secure multi-execution (SME) is an elegant way to enforce security by executing a given program multiple times, once for each security level, while carefully dispatching inputs and ensuring that an execution  ...  Acknowledgments Thanks are due to Frank Piessens for generous feedback, and to Daniel Hedin, and David Sands for the useful discussions.  ... 
doi:10.1109/csf.2013.10 dblp:conf/csfw/RafnssonS13 fatcat:rfhzsmmqonaqvcb46vyqilzivm

Sharing Mobile Code Securely with Information Flow Control

Owen Arden, Michael D. George, Jed Liu, K. Vikram, Aslan Askarov, Andrew C. Myers
2012 2012 IEEE Symposium on Security and Privacy  
We show that these constraints offer principled enforcement of strong security while avoiding the limitations of current mobile-code security mechanisms.  ...  IEEE Symposium on Security and Privacy  ...  Danfeng Zhang improved declassification and error reporting.  ... 
doi:10.1109/sp.2012.22 dblp:conf/sp/ArdenGLVAM12 fatcat:srz5xyq3avdlfn2shojv4l4zka