Title :
Inference of Expressive Declassification Policies
Author :
Vaughan, Jeffrey A. ; Chong, Stephen
Author_Institution :
Univ. of California, Los Angeles, CA, USA
Abstract :
We explore the inference of expressive human-readable declassification policies as a step towards providing practical tools and techniques for strong language-based information security. Security-type systems can enforce expressive information-security policies, but can require enormous programmer effort before any security benefit is realized. To reduce the burden on the programmer, we focus on inference of expressive yet intuitive information-security policies from programs with few programmer annotations. We define a novel security policy language that can express what information a program may release, under what conditions (or, when) such release may occur, and which procedures are involved with the release (or, where in the code the release occurs). We describe a dataflow analysis for precisely inferring these policies, and build a tool that instantiates this analysis for the Java programming language. We validate the policies, analysis, and our implementation by applying the tool to a collection of simple Java programs.
Keywords :
Java; data flow analysis; inference mechanisms; security of data; Java programming language; dataflow analysis; expressive human-readable declassification policies; language-based information security; security policy language; security-type systems; Information security; Java; Observers; Semantics; Syntactics; declassification policies; inference of security policies; information flow; language-based security;
Conference_Title :
Security and Privacy (SP), 2011 IEEE Symposium on
Conference_Location :
Berkeley, CA
Print_ISBN :
978-1-4577-0147-4
Electronic_ISBN :
1081-6011