DocumentCode
2350820
Title
Inference of Expressive Declassification Policies
Author
Vaughan, Jeffrey A. ; Chong, Stephen
Author_Institution
Univ. of California, Los Angeles, CA, USA
fYear
2011
fDate
22-25 May 2011
Firstpage
180
Lastpage
195
Abstract
We explore the inference of expressive human-readable declassification policies as a step towards providing practical tools and techniques for strong language-based information security. Security-type systems can enforce expressive information-security policies, but can require enormous programmer effort before any security benefit is realized. To reduce the burden on the programmer, we focus on inference of expressive yet intuitive information-security policies from programs with few programmer annotations. We define a novel security policy language that can express what information a program may release, under what conditions (or, when) such release may occur, and which procedures are involved with the release (or, where in the code the release occurs). We describe a dataflow analysis for precisely inferring these policies, and build a tool that instantiates this analysis for the Java programming language. We validate the policies, analysis, and our implementation by applying the tool to a collection of simple Java programs.
Keywords
Java; data flow analysis; inference mechanisms; security of data; Java programming language; dataflow analysis; expressive human-readable declassification policies; language-based information security; security policy language; security-type systems; Information security; Java; Observers; Semantics; Syntactics; declassification policies; inference of security policies; information flow; language-based security;
fLanguage
English
Publisher
ieee
Conference_Titel
Security and Privacy (SP), 2011 IEEE Symposium on
Conference_Location
Berkeley, CA
ISSN
1081-6011
Print_ISBN
978-1-4577-0147-4
Electronic_ISBN
1081-6011
Type
conf
DOI
10.1109/SP.2011.20
Filename
5958029