Secure Information Flow as a Safety Problem

Tachio Terauchi and Alex Aiken

EECS Department, University of California, Berkeley

Technical Report No. UCB/CSD-05-1396

2005

http://www2.eecs.berkeley.edu/Pubs/TechRpts/2005/CSD-05-1396.pdf

The termination insensitive secure information flow problem can be reduced to solving a safety problem via a simple program transformation. Barthe, D'Argenio, and Rezk coined the term "self-composition" to describe this reduction. This paper generalizes the self-compositional approach with a form of information downgrading recently proposed by Li and Zdancewic. We also identify a problem with applying the self-compositional approach in practice, and we present a solution to this problem that makes use of more traditional type-based approaches. The result is a framework that combines the best of both worlds, i.e., better than traditional type-based approaches and better than the self-compositional approach.

BibTeX citation:

@techreport{Terauchi:CSD-05-1396,
    Author= {Terauchi, Tachio and Aiken, Alex},
    Title= {Secure Information Flow as a Safety Problem},
    Year= {2005},
    Month= {Jun},
    Url= {http://www2.eecs.berkeley.edu/Pubs/TechRpts/2005/5541.html},
    Number= {UCB/CSD-05-1396},
    Abstract= {The termination insensitive secure information flow problem can be reduced to solving a safety problem via a simple program transformation. Barthe, D'Argenio, and Rezk coined the term "self-composition" to describe this reduction. This paper generalizes the self-compositional approach with a form of information downgrading recently proposed by Li and Zdancewic. We also identify a problem with applying the self-compositional approach in practice, and we present a solution to this problem that makes use of more traditional type-based approaches. The result is a framework that combines the best of both worlds, i.e., better than traditional type-based approaches and better than the self-compositional approach.},
}

EndNote citation:

%0 Report
%A Terauchi, Tachio 
%A Aiken, Alex 
%T Secure Information Flow as a Safety Problem
%I EECS Department, University of California, Berkeley
%D 2005
%@ UCB/CSD-05-1396
%U http://www2.eecs.berkeley.edu/Pubs/TechRpts/2005/5541.html
%F Terauchi:CSD-05-1396