Required Information Release

10 years 5 months ago
Required Information Release
Abstract—Many computer systems have a functional requirement to release information. Such requirements are an important part of a system’s information security requirements. Current information-flow control techniques are able to reason about permitted information flows, but not required information flows. In this paper, we introduce and explore the specification and enforcement of required information release in a languagebased setting. We define semantic security conditions that express both what information a program is required to release, and how an observer is able to learn this information. We also consider the relationship between permitted and required information release, and define bounded release, which provides upper- and lower-bounds on the information a program releases. We show that both required information release and bounded release can be enforced using a security-type system. Keywords-Information flow, declassification, information release, algorithmic ...
Stephen Chong
Added 15 Aug 2010
Updated 15 Aug 2010
Type Conference
Year 2010
Where CSFW
Authors Stephen Chong
Comments (0)