Sciweavers

Share
JCS
2006

Enforcing Robust Declassification and Qualified Robustness

10 years 2 months ago
Enforcing Robust Declassification and Qualified Robustness
Noninterference requires that there is no information flow from sensitive to public data in a given system. However, many systems release sensitive information as part of their intended function and therefore violate noninterference. To control information flow while permitting information release, some systems have a downgrading or declassification mechanism, but this creates the danger that it may cause unintentional information release. This paper shows that a robustness property can be used to characterize programs in which declassification mechanisms cannot be controlled by attackers to release more information than intended. It describes a simple way to provably enforce this robustness property through a type-based compile-time program analysis. The paper also presents a generalization of robustness that supports upgrading (endorsing) data integrity.
Andrew C. Myers, Andrei Sabelfeld, Steve Zdancewic
Added 13 Dec 2010
Updated 13 Dec 2010
Type Journal
Year 2006
Where JCS
Authors Andrew C. Myers, Andrei Sabelfeld, Steve Zdancewic
Comments (0)
books