Filters








897 Hits in 2.2 sec

Type-based Declassification for Free [article]

Minh Ngo and David A. Naumann and Tamara Rezk
2020 arXiv   pre-print
This work provides a study to demonstrate the potential of using off-the-shelf programming languages and their theories to build sound language-based-security tools.  ...  Our study focuses on information flow security encompassing declassification policies that allow us to express flexible security policies needed for practical requirements.  ...  We thank anonymous reviewers for their suggestions.  ... 
arXiv:1905.00922v3 fatcat:zz5kbzhkxzdifh2bzgtsicyjm4

Type Abstraction for Relaxed Noninterference

Raimil Cruz, Tamara Rezk, Bernard Serpette, Éric Tanter, Marc Herbstritt
2017 European Conference on Object-Oriented Programming  
label ordering based on subtyping, support for recursive declassification policies, and a local, modular reasoning principle for relaxed noninterference.  ...  This work paves the way for integrating declassification policies in practical security-typed languages.  ...  Type-based relaxed noninterference.  ... 
doi:10.4230/lipics.ecoop.2017.7 dblp:conf/ecoop/CruzRST17 fatcat:dyri5m3yzre3hii4rt2bbjcjdm

Secure Information Flow for Concurrent Programs under Total Store Order

Jeffrey A. Vaughan, Todd Millstein
2012 2012 IEEE 25th Computer Security Foundations Symposium  
Finally, we show that the original type system is in fact sound under TSO for programs that are free of data races.  ...  We define a simple type system for possibilistic noninterference under SC and demonstrate that it is unsound under TSO.  ...  A type system for possibilistic noninterference of TSO programs.  ... 
doi:10.1109/csf.2012.20 dblp:conf/csfw/VaughanM12 fatcat:kqoqrjmmlzfe3jdcznogzd6mei

Page 270 of SPE Reservoir Evaluation & Engineering Vol. 4, Issue 4 [page]

2001 SPE Reservoir Evaluation & Engineering  
sources. ¢ Collect a spectrum of nuclear magnetic resonance (NMR) relaxation times suitable for input to lithology models that estimate bound-fluid volumes, free-fluid volumes, and rock permeability.  ...  Table 1 summarizes the data acquisition parameters for the wireline tool (using the MRIL-Prime as base comparison) for both RL mode (while drilling) and EL mode (measurement after drilling, or MAD).  ... 

Declassification: Dimensions and principles

Andrei Sabelfeld, David Sands, J.D. Guttman
2009 Journal of Computer Security  
These principles shed light on existing definitions and may also serve as useful "sanity checks" for emerging models.  ...  A principal security concern for systems permitting information release is whether this release is safe: is it possible that the attacker compromises the information release mechanism and extracts more  ...  Myers and Pablo Giambiagi for fruitful discussions.  ... 
doi:10.3233/jcs-2009-0352 fatcat:c6ngeq6bbrgnvfdc6r3jjqz77a

Downgrading policies and relaxed noninterference

Peng Li, Steve Zdancewic
2005 SIGPLAN notices  
This relaxed noninterference generalizes traditional pure noninterference and precisely characterizes the information released due to downgrading.  ...  In traditional information-flow type systems, the security policy is often formalized as noninterference properties.  ...  Acknowledgements We would like to thank Stephen Chong, Stephen Tse, Geoffrey Washburn and the POPL reviewers for their valuable feedbacks and extensive proofreading of the original draft.  ... 
doi:10.1145/1047659.1040319 fatcat:sko6eopu5beqxg7soswl2yww5a

Downgrading policies and relaxed noninterference

Peng Li, Steve Zdancewic
2005 Proceedings of the 32nd ACM SIGPLAN-SIGACT sysposium on Principles of programming languages - POPL '05  
This relaxed noninterference generalizes traditional pure noninterference and precisely characterizes the information released due to downgrading.  ...  In traditional information-flow type systems, the security policy is often formalized as noninterference properties.  ...  Acknowledgements We would like to thank Stephen Chong, Stephen Tse, Geoffrey Washburn and the POPL reviewers for their valuable feedbacks and extensive proofreading of the original draft.  ... 
doi:10.1145/1040305.1040319 dblp:conf/popl/LiZ05 fatcat:vtrd4zzvbvao3grekvto4ae4z4

Automated enforcement for relaxed information release with reference points

Cong Sun, Ning Xi, Sheng Gao, Zhong Chen, JianFeng Ma
2014 Science China Information Sciences  
These intentional releases, also called declassifications, are regulated by several more relaxed security properties than noninterference.  ...  The related techniques to enforce this kind of security properties include type systems, program logics, abstract interpretation, automated verification, program slicing based on dependent graphs, and  ...  Compared with the type-based approaches, automated verification is considered more precise and has been adopted to enforce noninterference.  ... 
doi:10.1007/s11432-014-5168-7 fatcat:tq6vpmgel5gujdjvoq73v3kbcm

A New Enforcement on Declassification with Reachability Analysis [article]

Cong Sun, Liyong Tang, Zhong Chen
2011 arXiv   pre-print
The evaluation shows that our approach is more precise than type-based enforcement.  ...  Recent concerns about declassification polices have provided many choices for practical intended information release, but more precise enforcement mechanism for these policies is insufficiently studied  ...  We also thank Ennan Zhai for helpful comments and the anonymous reviewers for useful feedback. This research is partially sup-  ... 
arXiv:1108.4172v1 fatcat:tv4yqbhkzfc5fpdfkyhk7i6mjy

Typing illegal information flows as program effects

Ana Almeida Matos, José Fragoso Santos
2012 Proceedings of the 7th Workshop on Programming Languages and Analysis for Security - PLAS '12  
We present a type and effect system for determining the least permissive relaxation of a given confidentiality policy that allows to type a program, given a fixed security labeling.  ...  Effect soundness, optimality and preservation results are presented for the proposed type and effect system, for programs written in a concurrent higher-order imperative lambda-calculus with reference  ...  Acknowledgments The authors would like to thank the Indes team at INRIA and all anonymous reviewers for discussions and comments that have improved the final outcome of the paper.  ... 
doi:10.1145/2336717.2336718 dblp:conf/pldi/MatosS12 fatcat:l7gnpj6yzvgo5iuimyd54a2tnq

Page 169 of Journal of the American Psychiatric Nurses Association Vol. 9, Issue 5 [page]

2003 Journal of the American Psychiatric Nurses Association  
friends Expresses noninterference with decision-making process by health care providers Expresses noninterference with decision-making process by other: Makes decisions free from undue pressure October  ...  Of the 11 indicators cited above, the nurse selects only those appropriate for the patient based on a thorough assessment.  ... 

Who Can Declassify? [chapter]

Alexander Lux, Heiko Mantel
2009 Lecture Notes in Computer Science  
The aim of our project is to provide adequate control for declassification in language-based security.  ...  Noninterference provides reliable guarantees for the confidentiality of sensitive information, but it is too restrictive if exceptions shall be permitted.  ...  We thank the anonymous reviewers for their suggestions.  ... 
doi:10.1007/978-3-642-01465-9_3 fatcat:ztw3fobepvardojqbkur2pe6k4

Security policies for downgrading

Stephen Chong, Andrew C. Myers
2004 Proceedings of the 11th ACM conference on Computer and communications security - CCS '04  
These policies are connected to a semantic security condition that generalizes noninterference, and the type system is shown to enforce this security condition.  ...  This paper presents security policies for downgrading and a security type system that incorporates them, allowing secure downgrading of information through an explicit declassification operation.  ...  for providing helpful feedback.  ... 
doi:10.1145/1030083.1030110 dblp:conf/ccs/ChongM04 fatcat:xtnq3aqow5azfcdpz2bx25sizm

Controlling the What and Where of Declassification in Language-Based Security [chapter]

Heiko Mantel, Alexander Reinhard
2007 Lecture Notes in Computer Science  
Moreover, we present a type-based security analysis and, as another novelty, prove a soundness result that considers more than one dimension of declassification.  ...  While a rigorous information flow analysis is a key step in obtaining meaningful end-to-end confidentiality guarantees, one must also permit possibilities for declassification.  ...  We thank Henning Sudbrock for helpful comments. We also thank the anonymous reviewers for their suggestions.  ... 
doi:10.1007/978-3-540-71316-6_11 fatcat:2l67f5qzsnaurgbo6lgx2xxwjy

Automated Analysis of Java Methods for Confidentiality [chapter]

Pavol Černý, Rajeev Alur
2009 Lecture Notes in Computer Science  
We develop an automated analysis technique for such properties. We show that both over-and under-approximation is needed for sound analysis.  ...  We address the problem of analyzing programs such as J2ME midlets for mobile devices, where a central correctness requirement concerns confidentiality of data that the user wants to keep secret.  ...  See [25] for a survey of the research on noninterference and [22] for a Java-based programming language with a type systems that supports information flow control based on noninterference.  ... 
doi:10.1007/978-3-642-02658-4_16 fatcat:wdkg3qwi55hvteuokjmjffrktm
« Previous Showing results 1 — 15 out of 897 results