A Design for a Security-Typed Language with Certificate-Based Declassification

  • Stephen Tse
  • Steve Zdancewic
Part of the Lecture Notes in Computer Science book series (LNCS, volume 3444)


This paper presents a calculus that supports information-flow security policies and certificate-based declassification. The decentralized label model and its downgrading mechanisms are concisely expressed in the polymorphic lambda calculus with subtyping (System F  ≽ ). We prove a conditioned version of the noninterference theorem such that authorization for declassification is justified by digital certificates from public-key infrastructures.


  1. 1.
    Abadi, M., Banerjee, A., Heintze, N., Riecke, J.G.: A Core Calculus of Dependency. In: ACM Symposium on Principles of Programming Languages (1999)Google Scholar
  2. 2.
    Banerjee, A., Naumann, D.A.: Secure Information Flow and Pointer Confinement in a Java-like Language. In: Computer Security Foundations Workshop (2002)Google Scholar
  3. 3.
    Barbanera, F., Dezani-Ciancaglini, M., de’Liguoro, U.: Intersection and Union Types: Syntax and Semantics. Information and Computation 119 (1995)Google Scholar
  4. 4.
    Chothia, T., Duggan, D., Vitek, J.: Type-Based Distributed Access Control. In: Computer Security Foundations Workshop (2003)Google Scholar
  5. 5.
    Crary, K., Kliger, A., Pfenning, F.: A monadic analysis of info flow security with mutable state. In: Foundations of Computer Security (2004)Google Scholar
  6. 6.
    Curien, P.-L., Ghelli, G.: Coherence of subsumption, minimum typing and type-checking in Fsub. Mathematical Structures in Computer Science (1992)Google Scholar
  7. 7.
    Li, P., Mao, Y., Zdancewic, S.: Information Integrity Policies. In: Proceedings of the Workshop on Formal Aspects in Security and Trust (FAST) (2003)Google Scholar
  8. 8.
    Li, P., Zdancewic, S.: Downgrading Policies and Relaxed Noninterference. In: ACM Symposium on Principles of Programming Languages (2004)Google Scholar
  9. 9.
    Moggi, E.: Computational Lambda-Calculus and Monads. In: IEEE Symposium on Logic in Computer Science (1989)Google Scholar
  10. 10.
    Myers, A.C., Liskov, B.: A Decentralized Model for Information Flow Control. In: ACM Symposium on Operating Systems Principles (1997)Google Scholar
  11. 11.
    Naumann, D.A.: Machine-checked correctness of a secure information flow analyzer. Technical Report CS-2004-10, Stevens Institute of Technology (2004)Google Scholar
  12. 12.
    Pitts, A.: Existential Types: Logical Relations and Operational Equivalence. In: International Colloquium on Automata, Languages and Programming (1998)Google Scholar
  13. 13.
    Pottier, F., Simonet, V.: Information flow inference for ML. In: ACM Symposium on Principles of Programming Languages (2002)Google Scholar
  14. 14.
    Sabelfeld, A., Myers, A.C.: A Model for Delimited Release. In: International Symposium on Software Security (2003)Google Scholar
  15. 15.
    Sabelfeld, A., Myers, A.C.: Language-Based Information-Flow Security. IEEE Journal on Selected Areas in Communications 21(1) (2003)Google Scholar
  16. 16.
    Strecker, M.: Formal Analysis of an Information Flow Type System for MicroJava. Technical report, Technische Universitat Munchen (2003)Google Scholar
  17. 17.
    Tse, S., Zdancewic, S.: Certificate-based Declassification. Technical Report MS-CIS-04-16, University of Pennsylvania (2004)Google Scholar
  18. 18.
    Tse, S., Zdancewic, S.: Run-time Principals in Information-flow Type Systems. In: IEEE Symposium on Security and Privacy (2004)Google Scholar
  19. 19.
    Wadler, P.: Theorems for Free! In: Functional Programming Languages and Computer Architecture (1989)Google Scholar
  20. 20.
    Wright, A.K., Felleisen, M.: A Syntactic Approach to Type Soundness. Information and Computation 115(1) (1994)Google Scholar
  21. 21.
    Zdancewic, S.: Programming Languages for Information Security. PhD thesis, Cornell University (1997)Google Scholar

Copyright information

© Springer-Verlag Berlin Heidelberg 2005

Authors and Affiliations

  • Stephen Tse
    • 1
  • Steve Zdancewic
    • 1
  1. 1.University of Pennsylvania 

Personalised recommendations