Inference of Expressive Declassification Policies

Jeffrey A. Vaughan, Stephen Chong
2011 IEEE Symposium on Security and Privacy  
We explore the inference of expressive human-readable declassification policies as a step towards providing practical tools and techniques for strong language-based information security. Security-type systems can enforce expressive information-security policies, but can require enormous programmer effort before any security benefit is realized. To reduce the burden on the programmer, we focus on inference of expressive yet intuitive information-security policies from programs with few programmer annotations. We define a novel security policy language that can express what information a program may release, under what conditions (or, when) such release may occur, and which procedures are involved with the release (or, where in the code the release occurs). We describe a dataflow analysis for precisely inferring these policies, and build a tool that instantiates this analysis for the Java programming language. We validate the policies, analysis, and our implementation by applying the tool to a collection of simple Java programs.

Keywords: declassification policies, information flow, language-based security, inference of security policies.
doi:10.1109/sp.2011.20 dblp:conf/sp/VaughanC11 fatcat:gp36zzgr4rhhdis5zbcdmugxyu