• DocumentCode
    2350820
  • Title
    Inference of Expressive Declassification Policies
  • Author
    Vaughan, Jeffrey A. ; Chong, Stephen
  • Author_Institution
    Univ. of California, Los Angeles, CA, USA
  • fYear
    2011
  • fDate
    22-25 May 2011
  • Firstpage
    180
  • Lastpage
    195
  • Abstract
    We explore the inference of expressive human-readable declassification policies as a step towards providing practical tools and techniques for strong language-based information security. Security-type systems can enforce expressive information-security policies, but can require enormous programmer effort before any security benefit is realized. To reduce the burden on the programmer, we focus on inference of expressive yet intuitive information-security policies from programs with few programmer annotations. We define a novel security policy language that can express what information a program may release, under what conditions (or, when) such release may occur, and which procedures are involved with the release (or, where in the code the release occurs). We describe a dataflow analysis for precisely inferring these policies, and build a tool that instantiates this analysis for the Java programming language. We validate the policies, analysis, and our implementation by applying the tool to a collection of simple Java programs.
  • Keywords
    Java; data flow analysis; inference mechanisms; security of data; Java programming language; dataflow analysis; expressive human-readable declassification policies; language-based information security; security policy language; security-type systems; Information security; Java; Observers; Semantics; Syntactics; declassification policies; inference of security policies; information flow; language-based security;
  • fLanguage
    English
  • Publisher
    ieee
  • Conference_Titel
    Security and Privacy (SP), 2011 IEEE Symposium on
  • Conference_Location
    Berkeley, CA
  • ISSN
    1081-6011
  • Print_ISBN
    978-1-4577-0147-4
  • Electronic_ISBN
    1081-6011
  • Type
    conf
  • DOI
    10.1109/SP.2011.20
  • Filename
    5958029