Run-time principals in information-flow type systems
- Source: IEEE Symposium on Security and Privacy
- Publication Year: 2004
- Publisher: IEEE, 2004.
Abstract
- Information-flow type systems are a promising approach for enforcing strong end-to-end confidentiality and integrity policies. Such policies, however, are usually specified in terms of static information—data is labeled high or low security at compile time. In practice, the confidentiality of data may depend on information available only while the system is running. This article studies language support for run-time principals, a mechanism for specifying security policies that depend on which principals interact with the system. We establish the basic property of noninterference for programs written in such a language, and use run-time principals for specifying run-time authority in downgrading mechanisms such as declassification. In addition to allowing more expressive security policies, run-time principals enable the integration of language-based security mechanisms with other existing approaches such as Java stack inspection and public key infrastructures. We sketch an implementation of run-time principals via public keys such that principal delegation is verified by certificate chains.
- Subjects: Information privacy; Delegation; Computer science; Principal (computer security); Authorization; Data security; Access control; Information security; Security policy; Certificate; Computer security; Public-key cryptography; Data integrity; Information system; Declassification; Information flow (information theory); Software
- Database: OpenAIRE
- Journal: IEEE Symposium on Security and Privacy, 2004. Proceedings. 2004
- Accession number: edsair.doi.dedup.....13b8f93c8a2ba0df7aa3e0d508f8c89f