  • DocumentCode
    3129349
  • Title
    Enforcing robust declassification
  • Author
    Myers, Andrew C. ; Sabelfeld, Andrei ; Zdancewic, Steve
  • Author_Institution
    Dept. of Comput. Sci., Cornell Univ., Ithaca, NY, USA
  • fYear
    2004
  • fDate
    28-30 June 2004
  • Firstpage
    172
  • Lastpage
    186
  • Abstract
    Noninterference requires that there is no information flow from sensitive to public data in a given system. However, many systems perform intentional release of sensitive information as part of their correct functioning and therefore violate noninterference. To control information flow while permitting intentional information release, some systems have a downgrading or declassification mechanism. A major danger of such a mechanism is that it may cause unintentional information release. This paper shows that a robustness property can be used to characterize programs in which declassification mechanisms cannot be exploited by attackers to release more information than intended. It describes a simple way to provably enforce this robustness property through a type-based compile-time program analysis. The paper also presents a generalization of robustness that supports upgrading (endorsing) data integrity.
  • Keywords
    data flow analysis; data integrity; robust control; security of data; attackers; compile-time program analysis; data integrity; downgrading mechanism; information flow control; information release; noninterference; program characterization; public data; robust declassification; sensitive information; type-based program analysis; Computer languages; Computer science; Computer security; Control systems; Data flow computing; Data security; Information science; Information security; Mechanical factors; Robustness;
  • fLanguage
    English
  • Publisher
    IEEE
  • Conference_Titel
    Computer Security Foundations Workshop, 2004. Proceedings. 17th IEEE
  • ISSN
    1063-6900
  • Print_ISBN
    0-7695-2169-X
  • Type
    conf
  • DOI
    10.1109/CSFW.2004.1310740
  • Filename
    1310740