Semantics and Enforcement of Expressive Information Flow Policies

  • Anindya Banerjee
Part of the Lecture Notes in Computer Science book series (LNCS, volume 5983)


The following is intended as an overview of my invited talk at the 2009 FAST workshop. The primary reference for this work remains the earlier paper [4] that contains the necessary technical details, motivating examples and commentary on particular design choices.


Keywords: Security Policy, Hoare Logic, Static Enforcement, Assertion Check, Hoare Triple




  1. Amtoft, T., Banerjee, A.: Information flow analysis in logical form. In: Giacobazzi, R. (ed.) SAS 2004. LNCS, vol. 3148, pp. 100–115. Springer, Heidelberg (2004)
  2. Amtoft, T., Bandhakavi, S., Banerjee, A.: A logic for information flow in object-oriented programs. In: ACM Symposium on Principles of Programming Languages (POPL), pp. 91–102 (2006)
  3. Askarov, A., Sabelfeld, A.: Gradual release: Unifying declassification, encryption and key release policies. In: IEEE Symposium on Security and Privacy, pp. 207–221 (2007)
  4. Banerjee, A., Naumann, D., Rosenberg, S.: Expressive declassification policies and their modular static enforcement. In: IEEE Symposium on Security and Privacy, pp. 339–353 (2008)
  5. Banerjee, A., Naumann, D., Rosenberg, S.: Regional logic for local reasoning about global invariants. In: ECOOP, pp. 387–411 (2008)
  6. Benton, N.: Simple relational correctness proofs for static analyses and program transformations. In: POPL, pp. 14–25 (2004)
  7. Broberg, N., Sands, D.: Flow locks. In: ESOP, pp. 180–196 (2006)
  8. Chong, S., Myers, A.C.: Security policies for downgrading. In: ACM CCS, pp. 198–209 (2004)
  9. Myers, A.C.: JFlow: Practical mostly-static information flow control. In: POPL, pp. 228–241 (1999)
  10. Rushby, J.: Noninterference, transitivity, and channel-control security policies. Technical report, SRI (December 1992)
  11. Sabelfeld, A., Myers, A.C.: A model for delimited information release. In: Futatsugi, K., Mizoguchi, F., Yonezaki, N. (eds.) ISSS 2003. LNCS, vol. 3233, pp. 174–191. Springer, Heidelberg (2004)
  12. Sabelfeld, A., Sands, D.: Dimensions and principles of declassification. Journal of Computer Security (2007)
  13. Zdancewic, S.: Challenges for information-flow security. In: Proceedings of the 1st International Workshop on the Programming Language Interference and Dependence, PLID 2004 (2004)

Copyright information

© Springer-Verlag Berlin Heidelberg 2010

Authors and Affiliations

  • Anindya Banerjee (1)
  1. IMDEA Software, Madrid, Spain
