Dorothy E. Denning and Peter J. Denning. Certi cation of Programs for Secure Information Flow. Comm. of the ACM, 20(7):504-513, July 1977.  Home/Search   Document Not in Database   Summary   Related Articles   Check

....enabling a further visit by Dr Spoto to Leeds for an additional two months in October December, 2002. Dr Hill has recently submitted the EPSRC proposal S26620 01, titled Checking Secrecy of Java Bytecode by Static Analysis . Secrecy (or secure information ow) for programming languages [1, 5, 11, 15, 19, 20] means that some sensitive information must remain within xed boundaries. Credit card numbers, personal identi cation numbers, passwords, personal les are examples of sensitive information. To enforce secrecy, a program should guarantee that sensitive information cannot be leaked by observing ....

D. E. Denning and P. J. Denning. Certi cation of Programs for Secure Information Flow. Communications of the ACM, 20(7):504 - 513, 1977.

....could be used as an aid to safe code restructuring during code optimization [2, 36] thereby allowing programmers to write more exible, higher level code that could later be optimized into the in exible, highly ecient code that machines prefer as input. By the late 1970s Denning and Denning [16] were using program dependencies to reason about secure information ow within programs. Fosdick and Osterweil suggested the use of data ow analysis to identify anomalies in program code and for producing program documentation about various aspects the de nitions and uses of variables in the ....

.... [35] more powerful approaches to data ow analysis [28] general improvements to ow analysis algorithms [8] methods to deal with the huge amounts of information that exhaustive data ow analysis generates [9] application to other areas of computer science including secure information ow [16], and most important to this dissertation, the application of data ow techniques to software maintenance problems [18, 53] 2.2.4 1980 1989 The early 1980s saw increasing interest in the area of applying data ow techniques to software maintenance problems. The value of statically analyzing a ....

D.E. Denning and P.J. Denning. Certi cation of Programs for Secure Information Flow. Communications of the ACM, 20(7):504-513, January 1977.

....not be interpreted as necessarily representing the ocial policies or endorsement of DARPA, AFRL, or the U.S. Government. c 2002 Kluwer Academic Publishers. Printed in the Netherlands. There has been much recent work on formulating Denning s original lattice model of information ow control [15, 16] in terms of type systems for static program veri cation [1, 22, 29, 30, 35 37, 40, 42] The desired security property is noninterference [20] which states that highsecurity data is not observable by low security computation. Continuing the example from above, the high security data is the ....

Denning, D. E. and P. J. Denning: 1977, `Certi cation of Programs for Secure Information Flow'. Comm. of the ACM 20(7), 504-513.

.... [1,27,28,18,25,26,13,12] Here security requirements are seen as static information about the objects of a system [1,27,13,12] Our approach builds on the more classical approaches to static analysis and thus links up with the pioneering approach taken in the very early studies by Denning [14,15]; it also features a very good computational complexity: it follows from general meta results that the time needed for checking a solution is asymptotically equal to the time needed for inferring a solution (unlike what seems to be the case for subtyping based type systems) 13 ....

D. E. Denning and P. J. Denning, Certi cation of Programs for Secure Information Flow, Communications of the ACM 20(7) (July 1977) 504-513. 14

....in Sec. 7 with respect to the semantics and security de nition given in Sec. 4. Finally, Sec. 8 shows that the new analysis favorably compares with the one given in [7] 2. RELATED WORK Using program analysis for certi cation of secure information ow was pioneered by Denning and Denning [4, 5]. They annotated the program statements with the information ow between the variables caused by that statement, and analysed this ow. Volpano et al. 19] gave a de nition of secure information ow and accompanying analysis without using any instrumentations. Leino and Joshi [8] de ne a program ....

D. Denning and P. Denning. Certi cation of Programs for Secure Information Flow. Communications of the ACM, 20(7):504-513, 1977.

.... [1,32,31,29,30,19,27,28,12,11] Here security requirements are seen as static information about the objects of a system [1,32,12,11] Our approach builds on the more classical approaches to static analysis and thus links up with the pioneering approach taken in the very early studies by Denning [14,15]; it also features a very good computational complexity. Because of lack of space, we dispense with the proofs, which often use techniques similar to those of [7] and that can in part be found in the extended version of the paper. 2 History Dependent Cryptography Syntax. We de ne the ....

D. E. Denning and P. J. Denning. Certication of Programs for Secure Information Flow. Communications of the ACM, pages 504-513, July 1977.

....program cannot learn anything about the con dential inputs. In this case we say, that the program has secure information ow. What does it mean that an attacker can or cannot learn anything There exists quite a large body of literature studying di erent instances of secure information ow, e.g. [3 5, 7, 10 16]. With the notable exception of [15, 16] security is de ned through noninterference, i.e. it is required that the public outputs of the program do not contain any information (in the information theoretic sense) about the con dential inputs. This corresponds to an all powerful attacker who, in ....

....The programming language contains a binary operator encrypt message x under the key k 2 . The analysis re ects that nding the message from the cryptotext is infeasible without knowing the key. 2 Related Work The use of program analysis to determine information ow was pioneered by Denning [4, 5]. She instrumented the semantics of programs with annotations that expressed which program variables were dependent on which other program variables. The de nition of secure information ow was given in terms of these instrumentations [5] Also, she gave an accompanying program analysis. Volpano ....

[Article contains additional citation context not shown here]

Denning, D.E., Denning, P.: Certication of Programs for Secure Information Flow. Communications of the ACM 20(7), pp. 504-513, 1977.

....initial focus has been to develop a simple language for access control which can be implemented easily and eciently. The DIAMOND [31] security model provides an alternative model for inheriting security policies in object oriented systems. This extends the MLS security model described by Denning [8] to object oriented databases. The innovation is that security levels, and hence policies, are not inherited from a class s superclass. Instead, they are derived from its instances. This allows a particular instance of a subclass to have a higher security level than its superclass. 6 Summary We ....

D. Denning and P.J. Denning. Certication of Programs for Secure Information Flow. In Communcations of the ACM, volume 20(7), pages 504-513. ACM, 1977.

No context found.

Dorothy E. Denning and Peter J. Denning. Certi cation of Programs for Secure Information Flow. Comm. of the ACM, 20(7):504-513, July 1977.

No context found.

D.E. Denning and P.J. Denning. Certi cation of Programs for Secure Information Flow. Communications of the ACM, 20(7):504-513, January 1977.

Online articles have much greater impact   More about CiteSeer.IST   Add search form to your site   Submit documents   Feedback  

CiteSeer.IST - Copyright Penn State and NEC