Noninterference with dynamic security domains and policies

Robert Grabowski, Lennart Beringer

Research output: Chapter in Book/Report/Conference proceeding › Conference contribution

5 Scopus citations

Abstract

Language-based information flow analysis statically examines a program for information flows between objects of different security domains and verifies that these flows comply with a given policy. When the program is distributed as mobile code, it may access resources whose domains depend on the client environment, or it may face different security policies. In proof-carrying code scenarios it is desirable to give a single proof that the program executes securely in any of these situations. This paper presents an object-oriented, Java-like language with runtime security types that can be inspected to ensure that flows between accessed objects are actually allowed before the operations inducing these flows are performed. A type system is used to statically prove that the flow tests included in the program are sufficient, so that a noninterference property is ensured for the program regardless of the domains of the objects and the effective security policy. The paper also outlines how the concepts of the type system are transferred to a bytecode language.
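The mechanism the abstract describes, as an added example that is not code from the paper and does not reproduce its language, type system or bytecode transfer: a small Python model in which objects carry an inspectable security domain, the effective policy is supplied by the client environment, and a flow test guards every flow-inducing write. The same program is run under two constructed client environments; in the one whose policy forbids the flow, the guarded program takes a secret-independent branch and passes a two-run noninterference check, while an unguarded variant of the same code fails it. The domain names, the `Policy` class, the environment dictionaries and the two programs are assumptions made for illustration.

```python
"""Model of runtime security types with a dynamic flow test.

Constructed illustration, not the paper's language: objects carry a domain
that can be inspected at runtime, the client environment fixes both the
domains and the policy, and every flow-inducing write is preceded by a test
so the same code is safe wherever it lands.
"""


class Policy:
    """Which domains may flow into which, closed under reflexivity and
    transitivity, so allows(a, b) answers "may data from a reach b?"."""

    def __init__(self, domains, edges):
        self.flows = {(d, d) for d in domains} | set(edges)
        changed = True
        while changed:  # transitive closure by fixpoint iteration
            changed = False
            for a, b in list(self.flows):
                for c, d in list(self.flows):
                    if b == c and (a, d) not in self.flows:
                        self.flows.add((a, d))
                        changed = True

    def allows(self, src_domain, dst_domain):
        return (src_domain, dst_domain) in self.flows


class SecObject:
    """An object whose security type (its domain) is inspectable at runtime."""

    def __init__(self, domain, value=None):
        self.domain = domain
        self.value = value


class FlowViolation(Exception):
    """Raised when a guarded flow is attempted against the policy."""


def flow_allowed(src, dst, policy):
    """The runtime flow test: may src.value be written into dst?"""
    return policy.allows(src.domain, dst.domain)


def copy_value(src, dst, policy):
    """Guarded assignment dst.value = src.value: refuses instead of leaking."""
    if not flow_allowed(src, dst, policy):
        raise FlowViolation(f"flow {src.domain} -> {dst.domain} is not allowed")
    dst.value = src.value


def guarded_program(env, secret):
    """Mobile code run unchanged in a client environment that fixes the
    domains of the objects it touches and the effective policy.

    The branch depends only on domains and policy, never on `secret`, so
    when the flow is forbidden the output carries no information about it.
    """
    src = SecObject(env["src_domain"], secret)
    dst = SecObject(env["dst_domain"], 0)
    if flow_allowed(src, dst, env["policy"]):
        copy_value(src, dst, env["policy"])  # permitted in this environment
    else:
        dst.value = -1  # forbidden here: take a secret-independent path
    return dst.value


def leaky_program(env, secret):
    """Same shape without the flow test: only safe where the flow happens to be legal."""
    src = SecObject(env["src_domain"], secret)
    dst = SecObject(env["dst_domain"], 0)
    dst.value = src.value
    return dst.value


def noninterference(program, env, secret_a, secret_b):
    """Two-run check: when the policy forbids src -> dst, the value observed at
    dst must be identical for any two secrets. Vacuously true when allowed."""
    if env["policy"].allows(env["src_domain"], env["dst_domain"]):
        return True
    return program(env, secret_a) == program(env, secret_b)


# Constructed client environments: same program, different domains and policies.
DOMAINS = {"public", "internal", "secret"}
# Client A orders public < internal < secret; the program's source object is
# 'internal' and its destination 'public', so the flow is forbidden.
CLIENT_A = {
    "policy": Policy(DOMAINS, {("public", "internal"), ("internal", "secret")}),
    "src_domain": "internal",
    "dst_domain": "public",
}
# Client B collapses 'internal' and 'public', so the very same flow is allowed.
CLIENT_B = {
    "policy": Policy(DOMAINS, {("public", "internal"), ("internal", "public"),
                               ("internal", "secret")}),
    "src_domain": "internal",
    "dst_domain": "public",
}


if __name__ == "__main__":
    for name, env in (("client A", CLIENT_A), ("client B", CLIENT_B)):
        print(name, "guarded output:", guarded_program(env, 42),
              "| guarded NI:", noninterference(guarded_program, env, 42, 7),
              "| leaky NI:", noninterference(leaky_program, env, 42, 7))
```

The point of the two-run check is the one the paper's type system discharges statically: because `guarded_program` tests the flow before performing it and branches on domains and policy alone, its observable output at the destination is independent of the secret in every environment where the policy forbids the flow, without the code being recompiled or re-proved per client.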

Original language: English (US)
Title of host publication: Advances in Computer Science - ASIAN 2009
Subtitle of host publication: Information Security and Privacy - 13th Asian Computing Science Conference, Proceedings
Pages: 54-68
Number of pages: 15
DOIs
State: Published - 2009
Externally published: Yes
Event: 13th Asian Computing Science Conference, ASIAN 2009 - Seoul, Korea, Republic of
Duration: Dec 14 2009 - Dec 16 2009

Publication series

Name: Lecture Notes in Computer Science (including subseries Lecture Notes in Artificial Intelligence and Lecture Notes in Bioinformatics)
Volume: 5913 LNCS
ISSN (Print): 0302-9743
ISSN (Electronic): 1611-3349

Conference

Conference: 13th Asian Computing Science Conference, ASIAN 2009
Country/Territory: Korea, Republic of
City: Seoul
Period: 12/14/09 - 12/16/09

All Science Journal Classification (ASJC) codes

  • Theoretical Computer Science
  • General Computer Science
