Run-time principals in information-flow type systems

IEEE Symposium on Security and Privacy, 2004. Proceedings. 2004 Pub Date : 2004-05-09 DOI:10.1145/1290520.1290526

Stephen Tse, S. Zdancewic

{"title":"Run-time principals in information-flow type systems","authors":"Stephen Tse, S. Zdancewic","doi":"10.1145/1290520.1290526","DOIUrl":null,"url":null,"abstract":"Information-flow type systems are a promising approach for enforcing strong end-to-end confidentiality and integrity policies. Such policies, however, are usually specified in term of static information-data is labeled high or low security at compile time. In practice, the confidentiality of data may depend on information available only while the system is running. This paper studies language support for run-time principals, a mechanism for specifying information-flow security policies that depend on which principals interact with the system. We establish the basic property of noninterference for programs written in such language, and use run-time principals for specifying run-time authority in downgrading mechanisms such as declassification. In addition to allowing more expressive security policies, run-time principals enable the integration of language-based security mechanisms with other existing approaches such as Java stack inspection and public key infrastructures. We sketch an implementation of run-time principals via public keys such that principal delegation is verified by certificate chains.","PeriodicalId":447471,"journal":{"name":"IEEE Symposium on Security and Privacy, 2004. Proceedings. 2004","volume":"18 1","pages":"0"},"PeriodicalIF":0.0000,"publicationDate":"2004-05-09","publicationTypes":"Journal Article","fieldsOfStudy":null,"isOpenAccess":false,"openAccessPdf":"","citationCount":"102","resultStr":null,"platform":"Semanticscholar","paperid":null,"PeriodicalName":"IEEE Symposium on Security and Privacy, 2004. Proceedings. 2004","FirstCategoryId":"1085","ListUrlMain":"https://doi.org/10.1145/1290520.1290526","RegionNum":0,"RegionCategory":null,"ArticlePicture":[],"TitleCN":null,"AbstractTextCN":null,"PMCID":null,"EPubDate":"","PubModel":"","JCR":"","JCRName":"","Score":null,"Total":0}

引用次数: 102

Abstract

Information-flow type systems are a promising approach for enforcing strong end-to-end confidentiality and integrity policies. Such policies, however, are usually specified in term of static information-data is labeled high or low security at compile time. In practice, the confidentiality of data may depend on information available only while the system is running. This paper studies language support for run-time principals, a mechanism for specifying information-flow security policies that depend on which principals interact with the system. We establish the basic property of noninterference for programs written in such language, and use run-time principals for specifying run-time authority in downgrading mechanisms such as declassification. In addition to allowing more expressive security policies, run-time principals enable the integration of language-based security mechanisms with other existing approaches such as Java stack inspection and public key infrastructures. We sketch an implementation of run-time principals via public keys such that principal delegation is verified by certificate chains.

查看原文本刊更多论文

信息流类型系统中的运行时主体

信息流类型系统是执行强大的端到端机密性和完整性策略的一种很有前途的方法。然而，这些策略通常是根据静态信息来指定的——数据在编译时被标记为高安全性或低安全性。在实践中，数据的机密性可能取决于仅在系统运行时可用的信息。本文研究了对运行时主体的语言支持，运行时主体是一种指定信息流安全策略的机制，该策略依赖于哪些主体与系统交互。我们为用这种语言编写的程序建立了不干扰的基本属性，并使用运行时原则来指定降级机制(如解密)中的运行时权限。除了允许更具表现力的安全策略之外，运行时主体还支持将基于语言的安全机制与其他现有方法(如Java堆栈检查和公钥基础设施)集成。我们通过公钥勾画了运行时主体的实现，这样主体委托就可以通过证书链进行验证。

本文章由计算机程序翻译，如有差异，请以英文原文为准。

求助全文

约1分钟内获得全文求助全文

来源期刊

IEEE Symposium on Security and Privacy, 2004. Proceedings. 2004

自引率

0.00%

发文量