Secure Information Flow as a Safety Problem
Tachio Terauchi and Alex Aiken
EECS Department, University of California, Berkeley
Technical Report No. UCB/CSD-05-1396
, 2005
http://www2.eecs.berkeley.edu/Pubs/TechRpts/2005/CSD-05-1396.pdf
The termination insensitive secure information flow problem can be reduced to solving a safety problem via a simple program transformation. Barthe, D'Argenio, and Rezk coined the term "self-composition" to describe this reduction. This paper generalizes the self-compositional approach with a form of information downgrading recently proposed by Li and Zdancewic. We also identify a problem with applying the self-compositional approach in practice, and we present a solution to this problem that makes use of more traditional type-based approaches. The result is a framework that combines the best of both worlds, i.e., better than traditional type-based approaches and better than the self-compositional approach.
BibTeX citation:
@techreport{Terauchi:CSD-05-1396, Author= {Terauchi, Tachio and Aiken, Alex}, Title= {Secure Information Flow as a Safety Problem}, Year= {2005}, Month= {Jun}, Url= {http://www2.eecs.berkeley.edu/Pubs/TechRpts/2005/5541.html}, Number= {UCB/CSD-05-1396}, Abstract= {The termination insensitive secure information flow problem can be reduced to solving a safety problem via a simple program transformation. Barthe, D'Argenio, and Rezk coined the term "self-composition" to describe this reduction. This paper generalizes the self-compositional approach with a form of information downgrading recently proposed by Li and Zdancewic. We also identify a problem with applying the self-compositional approach in practice, and we present a solution to this problem that makes use of more traditional type-based approaches. The result is a framework that combines the best of both worlds, i.e., better than traditional type-based approaches and better than the self-compositional approach.}, }
EndNote citation:
%0 Report %A Terauchi, Tachio %A Aiken, Alex %T Secure Information Flow as a Safety Problem %I EECS Department, University of California, Berkeley %D 2005 %@ UCB/CSD-05-1396 %U http://www2.eecs.berkeley.edu/Pubs/TechRpts/2005/5541.html %F Terauchi:CSD-05-1396