Affiliation:
1. MPI-SWS, Germany
2. University at Buffalo, USA
3. Pennsylvania State University, USA
Abstract
To ensure programs do not leak private data, we often want to be able to provide formal guarantees ensuring such data is handled correctly. Often, we cannot keep such data secret entirely; instead, programmers specify how private data may be declassified. While security definitions for declassification exist, they mostly do not handle higher-order programs. In fact, in the higher-order setting no compositional security definition exists for intensional information-flow properties such as where declassification, which allows declassification in specific parts of a program. We use logical relations to build a model (and thus a security definition) of where declassification. The key insight required for our model is that we must stop enforcing indistinguishability once a relevant declassification has occurred. We show that the resulting security definition provides more security than the most closely related previous definition, which is for the lower-order setting.
Publisher
Association for Computing Machinery (ACM)
Subject
Safety, Risk, Reliability and Quality, Software
Cited by
1 article.