Security policies for downgrading
- 25 October 2004
- proceedings article
- Published by Association for Computing Machinery (ACM)
- p. 198-209
- https://doi.org/10.1145/1030083.1030110
Abstract
A long-standing problem in information security is how to specify and enforce expressive security policies that control information flow while also permitting information release (i.e., declassification) where appropriate. This paper presents security policies for downgrading and a security type system that incorporates them, allowing secure downgrading of information through an explicit declassification operation. Examples are given showing that the downgrading policy language captures useful aspects of designer intent. These policies are connected to a semantic security condition that generalizes noninterference, and the type system is shown to enforce this security condition.
This publication has 17 references indexed in Scilit:
- Using access control for secure information flow in a Java-like language. Published by Institute of Electrical and Electronics Engineers (IEEE), 2004
- Observational determinism for concurrent program security. Published by Institute of Electrical and Electronics Engineers (IEEE), 2004
- A Type System for Robust Declassification. Electronic Notes in Theoretical Computer Science, 2003
- Toward a mathematical foundation for information flow security. Published by Institute of Electrical and Electronics Engineers (IEEE), 2002
- Untrusted hosts and confidentiality. Published by Association for Computing Machinery (ACM), 2001
- Transforming out timing leaks. Published by Association for Computing Machinery (ACM), 2000
- Verifying secrets and relative secrecy. Published by Association for Computing Machinery (ACM), 2000
- JFlow. Published by Association for Computing Machinery (ACM), 1999
- Covert Channel Capacity. Published by Institute of Electrical and Electronics Engineers (IEEE), 1987
- Security Policies and Security Models. Published by Institute of Electrical and Electronics Engineers (IEEE), 1982