Abstract
This paper presents a calculus that supports information-flow security policies and certificate-based declassification. The decentralized label model and its downgrading mechanisms are concisely expressed in the polymorphic lambda calculus with subtyping (System F≽). We prove a conditioned version of the noninterference theorem such that authorization for declassification is justified by digital certificates from public-key infrastructures.
© 2005 Springer-Verlag Berlin Heidelberg
Tse, S., Zdancewic, S. (2005). A Design for a Security-Typed Language with Certificate-Based Declassification. In: Sagiv, M. (eds) Programming Languages and Systems. ESOP 2005. Lecture Notes in Computer Science, vol 3444. Springer, Berlin, Heidelberg. https://doi.org/10.1007/978-3-540-31987-0_20
DOI: https://doi.org/10.1007/978-3-540-31987-0_20
Publisher Name: Springer, Berlin, Heidelberg
Print ISBN: 978-3-540-25435-5
Online ISBN: 978-3-540-31987-0
eBook Packages: Computer Science (R0)