Verified Enforcement of Stateful Information Release Policies

Verified Enforcement of Stateful Information Release Policies

Cached

Download Links

by Nikhil Swamy , Michael Hicks

Citations:

BibTeX

@MISC{Swamy_verifiedenforcement,
    author = {Nikhil Swamy and Michael Hicks},
    title = {Verified Enforcement of Stateful Information Release Policies},
    year = {}
}

Bookmark

OpenURL

Abstract

Many organizations specify information release policies to describe the terms under which sensitive information may be released to other organizations. This paper presents a new approach for ensuring that security-critical software correctly enforces its information release policy. Our approach has two parts. First, an information release policy is specified as a security automaton written in a new language called AIR. Second, we enforce an AIR policy by translating it into an API for programs written in λAIR, a core formalism for a functional programming language. λAIR uses a novel combination of dependent, affine, and singleton types to ensure that the API is used correctly. As a consequence we can certify that programs written in λAIR meet the requirements of the original AIR policy specification.

Citations

478	A lattice model of secure information flow - DENNING - 1976
388	Enforceable security policies - Schneider - 2000
347	Enforcing high-level protocols in low-level software - DeLine, Fähndrich - 2001
340	Interactive theorem proving and program development. Coq’Art: The calculus of inductive constructions - Bertot, Castéran - 2004
295	Concepts in Programming Languages - Mitchell - 2003
274	Cyclone: A safe dialect of C - Jim, Morrisett, et al. - 2002
189	Typestate: A programming language concept for enhancing software reliability - Strom, Yemini - 1986
186	Typed memory management in a calculus of capabilities - Crary, Walker, et al. - 1999
134	SD3: A Trust Management System With Certified Evaluation - Jim - 2001
122	Robust declassification - Zdancewic, Myers - 2001
95	Jif: Java information flow. Software release. Located at http://www.cs.cornell.edu/jif - Myers, Zheng, et al. - 2001
90	Dimensions and principles of declassification - SABELFELD, SANDS - 2005
71	Edit automata: enforcement mechanisms for run-time security policies - Ligatti, Bauer, et al. - 2005
48	The inlined reference monitor approach to security policy enforcement - Erlingsson - 2003
37	Fable: A language for enforcing user-defined security policies - Swamy, Corcoran, et al. - 2008
24	Trusted declassification: high-level policy for a securitytyped language - Hicks, King, et al. - 2006
21	Fuzzy multi-level security: An experiment on quantified risk-adaptive access control - Cheng, Rohatgi, et al.
18	A Logic for State-Modifying Authorization Policies - BECKER, NANZ - 2007
12	Context-sensitive correlation analysis for detecting races - Pratikakis, Foster, et al. - 2006
7	Authorization in trust management: Features and foundations - Chapin, Skalka, et al. - 2008
6	Verified enforcement of automaton-based information release policies - Swamy, Hicks - 2008
5	Trusted computing system - Focke, Knoke, et al.
2	Channels: Runtime system infrastructure for security-typed languages - Hicks, Misiak, et al. - 2007
1	symposium on Principles of programming languages - Banerjee, Rosenberg
1	Jif: Java + information flow - Zheng, Zdancewic
1	Defense. directive number 5230.11 - Vaughan, Jia, et al. - 1992
1	of Defense. number 5230.11 - Walker - 1992