Title :
Expressive Declassification Policies and Modular Static Enforcement
Author :
Banerjee, Anindya ; Naumann, David A. ; Rosenberg, Stan
Author_Institution :
Microsoft Res., Kansas State Univ., Redmond, WA
Abstract :
This paper provides a way to specify expressive declassification policies, in particular, when, what, and where policies that include conditions under which downgrading is allowed. Secondly, an end-to-end semantic property is introduced, based on a model that allows observations of intermediate low states as well as termination. An attacker´s knowledge only increases at explicit declassification steps, and within limits set by policy. Thirdly, static enforcement is provided by combining type-checking with program verification techniques applied to the small subprograms that carry out declassifications. Enforcement is proved sound for a simple programming language and the extension to object-oriented programs is described.
Keywords :
object-oriented languages; program verification; semantic networks; end-to-end semantic property; expressive declassification policies; modular static enforcement; object-oriented programs; program verification techniques; programming language; static enforcement; type-checking; Access control; Computer languages; Costs; Cryptography; Data security; Information security; Object oriented modeling; Power system modeling; Privacy; Protection; declassification; downgrading; information flow; verification;
Conference_Titel :
Security and Privacy, 2008. SP 2008. IEEE Symposium on
Conference_Location :
Oakland, CA
Print_ISBN :
978-0-7695-3168-7
