DocumentCode :
3255745
Title :
Tight Enforcement of Information-Release Policies for Dynamic Languages
Author :
Askarov, Aslan ; Sabelfeld, Andrei
Author_Institution :
Dept. of Comput. Sci., Cornell Univ., Ithaca, NY, USA
fYear :
2009
fDate :
8-10 July 2009
Firstpage :
43
Lastpage :
59
Abstract :
This paper studies the problem of securing information release in dynamic languages. We propose (i) an intuitive framework for information-release policies expressing both what can be released by an application and where in the code this release may take place and (ii) tight and modular enforcement by hybrid mechanisms that combine monitoring with on-the-fly static analysis for a language with dynamic code evaluation and communication primitives. The policy framework and enforcement mechanisms support both termination-sensitive and insensitive security policies.
Keywords :
distributed processing; high level languages; program diagnostics; communication primitive; dynamic code evaluation; dynamic languages; information-release policies; intuitive framework; modular enforcement; static analysis; tight enforcement; Acoustical engineering; Communication system security; Computer science; Computer security; Credit cards; Information analysis; Information security; Java; Monitoring; Remuneration; declassification; information flow; language-based security;
fLanguage :
English
Publisher :
ieee
Conference_Titel :
Computer Security Foundations Symposium, 2009. CSF '09. 22nd IEEE
Conference_Location :
Port Jefferson, NY
ISSN :
1940-1434
Print_ISBN :
978-0-7695-3712-2
Type :
conf
DOI :
10.1109/CSF.2009.22
Filename :
5230486
Link To Document :
https://search.ricest.ac.ir/dl/search/defaultta.aspx?DTC=49&DC=3255745
بازگشت