Tight Enforcement of Information-Release Policies for Dynamic Languages
- 1 July 2009
- conference paper
- Published by Institute of Electrical and Electronics Engineers (IEEE)
- Vol. 3233 (10636900), 43-59
- https://doi.org/10.1109/csf.2009.22
Abstract
This paper studies the problem of securing information release in dynamic languages. We propose (i) an intuitive framework for information-release policies expressing both what can be released by an application and where in the code this release may take place and (ii) tight and modular enforcement by hybrid mechanisms that combine monitoring with on-the-fly static analysis for a language with dynamic code evaluation and communication primitives. The policy framework and enforcement mechanisms support both termination-sensitive and insensitive security policies.
This publication has 25 references indexed in Scilit:
- Secure web applications via automatic partitioning. Published by Association for Computing Machinery (ACM), 2007
- Dynamic Dependency Monitoring to Secure Information Flow. Published by Institute of Electrical and Electronics Engineers (IEEE), 2007
- Refactoring programs to secure information flows. Published by Association for Computing Machinery (ACM), 2006
- Trusted declassification: Published by Association for Computing Machinery (ACM), 2006
- Provably Correct Runtime Enforcement of Non-interference Properties. Published by Springer Nature, 2006
- Dimensions and Principles of Declassification. Published by Institute of Electrical and Electronics Engineers (IEEE), 2005
- Confidentiality for mobile code: the case of a simple payment protocol. Published by Institute of Electrical and Electronics Engineers (IEEE), 2002
- Security Policies and Security Models. Published by Institute of Electrical and Electronics Engineers (IEEE), 1982
- Certification of programs for secure information flow. Communications of the ACM, 1977
- Memoryless subsystems. The Computer Journal, 1974