Type-based distributed access control

Abstract

The key-based decentralized label model (KDLM) is a type system that combines a weak form of information flow control, termed distributed access control in the article, with typed cryptographic operations. The motivation is to have a type system that ensures access control while giving the application the responsibility to secure network communications, and to do this safely. KDLM introduces the notion of declassification certificates to support the declassification of encrypted data.