Secure Information Flow as a Safety Problem

Tachio Terauchi and Alex Aiken

EECS Department
University of California, Berkeley
Technical Report No. UCB/CSD-05-1396
June 2005

http://www2.eecs.berkeley.edu/Pubs/TechRpts/2005/CSD-05-1396.pdf

The termination insensitive secure information flow problem can be reduced to solving a safety problem via a simple program transformation. Barthe, D'Argenio, and Rezk coined the term "self-composition" to describe this reduction. This paper generalizes the self-compositional approach with a form of information downgrading recently proposed by Li and Zdancewic. We also identify a problem with applying the self-compositional approach in practice, and we present a solution to this problem that makes use of more traditional type-based approaches. The result is a framework that combines the best of both worlds, i.e., better than traditional type-based approaches and better than the self-compositional approach.

BibTeX citation:

@techreport{Terauchi:CSD-05-1396,
    Author = {Terauchi, Tachio and Aiken, Alex},
    Title = {Secure Information Flow as a Safety Problem},
    Institution = {EECS Department, University of California, Berkeley},
    Year = {2005},
    Month = {Jun},
    URL = {http://www2.eecs.berkeley.edu/Pubs/TechRpts/2005/5541.html},
    Number = {UCB/CSD-05-1396},
    Abstract = {The termination insensitive secure information flow problem can be reduced to solving a safety problem via a simple program transformation. Barthe, D'Argenio, and Rezk coined the term "self-composition" to describe this reduction. This paper generalizes the self-compositional approach with a form of information downgrading recently proposed by Li and Zdancewic. We also identify a problem with applying the self-compositional approach in practice, and we present a solution to this problem that makes use of more traditional type-based approaches. The result is a framework that combines the best of both worlds, i.e., better than traditional type-based approaches and better than the self-compositional approach.}
}

EndNote citation:

%0 Report
%A Terauchi, Tachio
%A Aiken, Alex
%T Secure Information Flow as a Safety Problem
%I EECS Department, University of California, Berkeley
%D 2005
%@ UCB/CSD-05-1396
%U http://www2.eecs.berkeley.edu/Pubs/TechRpts/2005/5541.html
%F Terauchi:CSD-05-1396

EECS at UC Berkeley

Search form

Secure Information Flow as a Safety Problem

Tachio Terauchi and Alex Aiken

EECS Department
University of California, Berkeley
Technical Report No. UCB/CSD-05-1396
June 2005

http://www2.eecs.berkeley.edu/Pubs/TechRpts/2005/CSD-05-1396.pdf

Secure Information Flow as a Safety Problem

Tachio Terauchi and Alex Aiken

EECS Department University of California, Berkeley Technical Report No. UCB/CSD-05-1396 June 2005

http://www2.eecs.berkeley.edu/Pubs/TechRpts/2005/CSD-05-1396.pdf

EECS Department
University of California, Berkeley
Technical Report No. UCB/CSD-05-1396
June 2005