[Prev][Next][Index][Thread]
Paper announcement: Language-Based Information-Flow Security
-
To: types@cis.upenn.edu
-
Subject: Paper announcement: Language-Based Information-Flow Security
-
From: Andrei Sabelfeld <andrei@CS.Cornell.EDU>
-
Date: Mon, 19 Aug 2002 17:39:04 -0400
-
User-Agent: Mozilla/5.0 (Windows; U; Windows NT 5.0; en-US; rv:0.9.4) Gecko/20011128 Netscape6/6.2.1
We would like to announce the availability of a survey paper on
language-based techniques for the specification and enforcement
of confidentiality properties. The paper is to appear in IEEE
Journal on Selected Areas in Communication.
Language-Based Information-Flow Security
Andrei Sabelfeld Andrew C. Myers
Current standard security practices do not provide substantial
assurance that the end-to-end behavior of a computing system
satisfies important security policies such as confidentiality. An
end-to-end confidentiality policy might assert that secret input
data cannot be inferred by an attacker through the attacker's
observations of system output; this policy regulates information
flow.
Conventional security mechanisms such as access control and
encryption do not directly address the enforcement of
information-flow policies. Recently, a promising new approach has
been developed: the use of programming-language techniques for
specifying and enforcing information-flow policies. In this article
we survey the past three decades of research on information-flow
security, particularly focusing on work that uses static program
analysis to enforce information-flow policies. We give a structured
view of recent work in the area and identify some important open
challenges.
Keywords: Computer security, confidentiality, information flow,
noninterference, security-type systems, covert channels,
security policies, concurrency.
Paper available via
http://www.cs.cornell.edu/~andrei/Papers/jsac.ps
http://www.cs.cornell.edu/~andrei/Papers/jsac.pdf
BibTeX file with references made in the survey available via
http://www.cs.cornell.edu/~andrei/Papers/lang-inflow.bib
Comments and suggestions are most welcome.
Best wishes,
Andrei Sabelfeld and Andrew C. Myers