  Protecting privacy using the decentralized label model (2000) [99 citations — 16 self]

by Andrew C. Myers, Barbara Liskov
ACM Transactions on Software Engineering and Methodology
http://www.cs.cornell.edu/andru/papers/iflow-tosem.ps.gz

Abstract:

Stronger protection is needed for the confidentiality and integrity of data, because programs containing untrusted code are the rule rather than the exception. Information flow control allows the enforcement of end-to-end security policies but has been difficult to put into practice. This paper describes the decentralized label model, a new label model for control of information flow in systems with mutual distrust and decentralized authority. The model improves on existing multilevel security models by allowing users to declassify information in a decentralized way, and by improving support for fine-grained data sharing. It supports static program analysis of information flow, so that programs can be certified to permit only acceptable information flows, while largely avoiding the overhead of run-time checking. The paper introduces the language Jif, an extension to Java that provides static checking of information flow using the decentralized label model.

Categories and Subject Descriptors: D.4.6 [Operating Systems]: Security and Protection - information flow controls

Citations

1416 The Java Language Specification – Gosling, Joy, et al. - 1996
811 Proof-Carrying Code – Necula - 1997
483 From System F to typed assembly language – Morrisett, Walker, et al. - 1998
433 Security policies and security models – Goguen, Meseguer - 1982
344 Authentication in Distributed Systems: Theory and Practice – Lampson, Abadi, et al. - 1991
329 A lattice model of secure information flow – Denning - 1976
242 A sound type system for secure flow analysis – Volpano, Smith, et al. - 1996
231 Integrity considerations for secure computer systems – Biba - 1977
231 Certification of programs for secure information flow – Denning, Denning - 1977
230 JFlow: Practical Mostly-Static Information Flow Control – Myers - 1999
225 Secrecy by typing in security protocols – Abadi - 1997
179 The SLam calculus: programming with secrecy and integrity – Heintze, Riecke - 1998
153 Secure information flow in a multithreaded imperative language – Smith, Volpano - 1998
148 A core calculus of dependency – Abadi, Banerjee, et al. - 1999
118 Unwinding and inference control – Goguen, Meseguer - 1984
106 A general theory of composition for trace sets closed under selective interleaving functions – McLean - 1994
96 Transforming out timing leaks – Agat - 2000
90 A Model of Information – Sutherland - 1986
82 Security models and information flow – McLean - 1990
81 Specifications for multi-level security and a hook-up property – McCullough - 1987
80 Information Flow in Non deterministic Systems – Wittbold, Johnson - 1990
63 Toward a mathematical foundation for information flow security – Gray - 1992
60 The compositional security checker: A tool for the verification of information flow security properties – Focardi, Gorrieri - 1997
59 Information flow inference for free – Pottier, Conchon - 2000
53 Complete, safe information flow with decentralized labels – Myers, Liskov - 1998
52 An axiomatic approach to information flow in programs – Andrews, Reitman - 1980
45 Role Hierarchies and Constraints for Lattice-Based Access Controls – Sandhu - 1996
43 The Java Virtual Machine – Lindholm, Yellin - 1996
38 Memoryless subsystems – Fenton - 1974
35 Mostly-Static Decentralized Information Flow Control – Myers - 1999
34 Providing flexibility in information flow control for object-oriented systems – Ferrari, Samarati, et al. - 1997
34 III. Probabilistic interference – Gray - 1990
33 Trust in the λ-calculus – Palsberg, Ørbæk - 1995
31 Covert channel capacity – Millen - 1987
30 Trust in the λ-calculus – Palsberg, Ørbæk - 1995
29 Proving multilevel security of a system design – Feiertag, Levitt, et al. - 1977
29 Beyond the pale of mac and dac – defining new forms of access control – McCollum, Messing, et al. - 1990
23 A technique for proving specifications are multilevel secure – Feiertag - 1980
23 Security kernel validation in practice – Millen - 1976
21 Information protection systems – Fenton - 1973
19 A network version of the pump – Kang, Moskowitz, et al. - 1995
13 Access flow: A protection model which integrates access control and information flow – Stoughton - 1981
8 Information flow analysis of formal specifications – Millen - 1981
6 Storage channels in disk arm optimization – Karger, Wray - 1991
4 A general theory of security properties and secure composition – Zakinthinos, Lee - 1997
4 Multilevel security in the UNIX tradition – MCILROY, A - 1992
3 Multilevel security in the UNIX tradition. Software---Practice and Experience – McIlroy, Reeds - 1992
1 Protecting Privacy using the Decentralized Label Model · 27 – BELL, LAPADULA - 1975