Results 1 - 10 of 1,238

Enforcing robust declassification and qualified robustness

by Andrew C. Myers, Andrei Sabelfeld, Steve Zdancewic - Journal of Computer Security , 2006
"... Noninterference requires that there is no information flow from sensitive to public data in a given system. However, many systems release sensitive information as part of their intended function and therefore violate noninterference. To control information flow while permitting information release, ..."
Abstract - Cited by 44 (14 self) - Add to MetaCart
, some systems have a downgrading or declassification mechanism, but this creates the danger that it may cause unintentional information release. This paper shows that a robustness property can be used to characterize programs in which declassification mechanisms cannot be controlled by attackers

Robust Declassification

by Steve Zdancewic, Andrew C. Myers - in Proc. IEEE Computer Security Foundations Workshop , 2001
"... Security properties based on information flow, such as noninterference, provide strong guarantees that confidentiality is maintained. However, programs often need to leak some amount of confidential information in order to serve their intended purpose, and thus violate noninterference. Real systems ..."
Abstract - Cited by 165 (26 self) - Add to MetaCart
that control information flow often include mechanisms for downgrading or declassifying information; however, declassification can easily result in the unexpected release of confidential information.

Resource Containers: A New Facility for Resource Management in Server Systems

by Gaurav Banga, Peter Druschel, Jeffrey C. Mogul - In Operating Systems Design and Implementation , 1999
"... General-purpose operating systems provide inadequate support for resource management in large-scale servers. Applications lack sufficient control over scheduling and management of machine resources, which makes it difficult to enforce priority policies, and to provide robust and controlled service. ..."
Abstract - Cited by 498 (10 self) - Add to MetaCart
General-purpose operating systems provide inadequate support for resource management in large-scale servers. Applications lack sufficient control over scheduling and management of machine resources, which makes it difficult to enforce priority policies, and to provide robust and controlled service

A Type System for Robust Declassification

by Steve Zdancewic , 2003
"... Language-based approaches to information security have led to the development of security type systems that permit the programmer to describe confidentiality policies on data. Security type systems are usually intended to enforce noninterference, a property that requires that high-security informati ..."
Abstract - Cited by 30 (5 self) - Add to MetaCart
Language-based approaches to information security have led to the development of security type systems that permit the programmer to describe confidentiality policies on data. Security type systems are usually intended to enforce noninterference, a property that requires that high

Robust Higher Order Potentials for Enforcing Label Consistency

by P. Kohli, L. Ladický, P. H. S. Torr , 2009
"... This paper proposes a novel framework for labelling problems which is able to combine multiple segmentations in a principled manner. Our method is based on higher order conditional random fields and uses potentials defined on sets of pixels (image segments) generated using unsupervised segmentation ..."
Abstract - Cited by 259 (34 self) - Add to MetaCart
algorithms. These potentials enforce label consistency in image regions and can be seen as a generalization of the commonly used pairwise contrast sensitive smoothness potentials. The higher order potential functions used in our framework take the form of the Robust P n model and are more general than the P

A semantic framework for declassification and endorsement

by Aslan Askarov, Andrew Myers - In Proc. European Symp. on Programming, LNCS , 2010
"... Abstract. Language-based information flow methods offer a principled way to enforce strong security properties, but enforcing noninterference is too inflexible for realistic applications. Security-typed languages have therefore introduced declassification mechanisms for relaxing confidentiality poli ..."
Abstract - Cited by 28 (5 self) - Add to MetaCart
Abstract. Language-based information flow methods offer a principled way to enforce strong security properties, but enforcing noninterference is too inflexible for realistic applications. Security-typed languages have therefore introduced declassification mechanisms for relaxing confidentiality

A Type System for Robust Declassification Abstract

by Steve Zdancewic
"... Language-based approaches to information security have led to the development of security type systems that permit the programmer to describe confidentiality policies on data. Security type systems are usually intended to enforce noninterference, a property that requires that high-security informati ..."
Abstract - Add to MetaCart
for determining when a program satisfies the robust declassification condition. This paper motivates robust declassification and shows that a simple change to a security type system can enforce it. The idea is to extend the lattice of security labels to include integrity constraints as well as confidentiality

Tractable enforcement of declassification policies

by Gilles Barthe, Inria Sophia Antipolis, Salvador Cavadini, Inria Sophia Antipolis, Tamara Rezk, Inria Sophia Antipolis, Msr-inria Joint Centre - In Proc. IEEE Computer Security Foundations Symposium , 2008
"... Formalizing appropriate information policies that authorize some controlled form of information release, and providing sound analyses for these policies is a necessary step towards practical applications of language-based security. We propose a modular method to enhance noninterference type systems ..."
Abstract - Cited by 8 (0 self) - Add to MetaCart
to support controlled forms of information release that combine the what and where dimensions of declassification. As a case study, we derive from earlier work on non-interference type systems new type systems that soundly enforce declassification policies for sequential fragments of the Java Virtual Machine

Quantitative Robust Declassification

by Hao Zhu, Yi Zhuang, Xiang Chen
"... Abstract: The previous declassification policies focus on qualitative analysis of security properties along different dimensions, lacking quantitative analysis of them. As a step in this direction, we relax restrictiveness of robustness of declassification from the quantitative aspect, and propose a ..."
Abstract - Add to MetaCart
Abstract: The previous declassification policies focus on qualitative analysis of security properties along different dimensions, lacking quantitative analysis of them. As a step in this direction, we relax restrictiveness of robustness of declassification from the quantitative aspect, and propose

MFPS XIX Preliminary Version A Type System for Robust Declassification Abstract

by Steve Zdancewic
"... Language-based approaches to information security have led to the development of security type systems that permit the programmer to describe confidentiality policies on data. Security type systems are usually intended to enforce noninterference, a property that requires that high-security informati ..."
Abstract - Add to MetaCart
for determining when a program satisfies the robust declassification condition. This paper motivates robust declassification and shows that a simple change to a security type system can enforce it. The idea is to extend the lattice of security labels to include integrity constraints as well as confidentiality
Results 1 - 10 of 1,238