Scheduler-Independent Declassification

  • Conference paper
Mathematics of Program Construction (MPC 2012)

Part of the book series: Lecture Notes in Computer Science (LNTCS, volume 7342)

Abstract

The controlled declassification of secrets has received much attention in research on information-flow security, though mostly for sequential programming languages. In this article, we aim at guaranteeing the security of concurrent programs. We propose the novel security property WHAT&WHERE that allows one to limit what information may be declassified where in a program. We show that our property provides adequate security guarantees independent of the scheduling algorithm (which is non-trivial due to the refinement paradox) and present a security type system that reliably enforces the property. In a second scheduler-independence result, we show that an earlier proposed security condition is adequate for the same range of schedulers. These are the first scheduler-independence results in the presence of declassification.

© 2012 Springer-Verlag Berlin Heidelberg

About this paper

Cite this paper

Lux, A., Mantel, H., Perner, M. (2012). Scheduler-Independent Declassification. In: Gibbons, J., Nogueira, P. (eds) Mathematics of Program Construction. MPC 2012. Lecture Notes in Computer Science, vol 7342. Springer, Berlin, Heidelberg. https://doi.org/10.1007/978-3-642-31113-0_4

  • DOI: https://doi.org/10.1007/978-3-642-31113-0_4

  • Publisher Name: Springer, Berlin, Heidelberg

  • Print ISBN: 978-3-642-31112-3

  • Online ISBN: 978-3-642-31113-0