TY - GEN
T1 - Noninterference with dynamic security domains and policies
AU - Grabowski, Robert
AU - Beringer, Lennart
PY - 2009
Y1 - 2009
N2 - Language-based information flow analysis is used to statically examine a program for information flows between objects of different security domains, and to verify these flows follow a given policy. When the program is distributed as mobile code, it may access resources whose domains depend on the client environment, or may face different security policies. In proof-carrying code scenarios, it is desirable to give a single proof that the program executes securely in any of these situations. This paper presents an object-oriented, Java-like language with runtime security types that can be inspected to ensure that flows between accessed objects are actually allowed before operations inducing these flows are performed. A type system is used to statically prove that the flow tests included in the program are sufficient, such that a noninterference property for the program is ensured regardless of the domains of objects and the effective security policy. Also, the paper outlines how the concepts of the type system are transferred to a bytecode language.
AB - Language-based information flow analysis is used to statically examine a program for information flows between objects of different security domains, and to verify these flows follow a given policy. When the program is distributed as mobile code, it may access resources whose domains depend on the client environment, or may face different security policies. In proof-carrying code scenarios, it is desirable to give a single proof that the program executes securely in any of these situations. This paper presents an object-oriented, Java-like language with runtime security types that can be inspected to ensure that flows between accessed objects are actually allowed before operations inducing these flows are performed. A type system is used to statically prove that the flow tests included in the program are sufficient, such that a noninterference property for the program is ensured regardless of the domains of objects and the effective security policy. Also, the paper outlines how the concepts of the type system are transferred to a bytecode language.
UR - http://www.scopus.com/inward/record.url?scp=76549107762&partnerID=8YFLogxK
UR - http://www.scopus.com/inward/citedby.url?scp=76549107762&partnerID=8YFLogxK
U2 - 10.1007/978-3-642-10622-4_5
DO - 10.1007/978-3-642-10622-4_5
M3 - Conference contribution
AN - SCOPUS:76549107762
SN - 3642106218
SN - 9783642106217
T3 - Lecture Notes in Computer Science (including subseries Lecture Notes in Artificial Intelligence and Lecture Notes in Bioinformatics)
SP - 54
EP - 68
BT - Advances in Computer Science - ASIAN 2009
T2 - 13th Asian Computing Science Conference, ASIAN 2009
Y2 - 14 December 2009 through 16 December 2009
ER -