Skip to main content
SpringerLink
Log in

Access Control and Declassification

  • Conference paper
Computer Network Security (MMM-ACNS 2007)

Part of the book series: Communications in Computer and Information Science ((CCIS,volume 1))

Abstract

We integrate programming constructs for managing confidentiality in an ML-like imperative and higher-order programming language, dealing with both access control and information flow control. Our language includes in particular a construct for declassifying information, and constructs for granting, restricting or testing the read access level of a program. We introduce a type and effect system to statically check access rights and information flow. We show that typable programs are secure, that is, they do not attempt at making illegal read accesses, nor illegal information leakage. This provides us with a natural restriction on declassification, namely that a program may only declassify information that is has the right to read.

Work partially supported by the ANR-06-SETI-010 grant. The second author is supported by a PhD scholarship from Torino University.

This is a preview of subscription content, log in via an institution to check access.

Access this chapter

Log in via an institution
Chapter
USD 29.95
Price excludes VAT (USA)
  • Available as PDF
  • Read on any device
  • Instant download
  • Own it forever
eBook
USD 39.99
Price excludes VAT (USA)
  • Available as PDF
  • Read on any device
  • Instant download
  • Own it forever
Softcover Book
USD 54.99
Price excludes VAT (USA)
  • Compact, lightweight edition
  • Dispatched in 3 to 5 business days
  • Free shipping worldwide - see info

Tax calculation will be finalised at checkout

Purchases are for personal use only

Institutional subscriptions

Preview

Unable to display preview. Download preview PDF.

Unable to display preview. Download preview PDF.

References

  1. Almeida Matos, A., Boudol, G.: On declassification and the non-disclosure policy. In: CSFW′05, pp. 226–240 (2005) Revised version accepted for publication in the J. of Computer Security, available from the authors web page.

    Google Scholar 

  2. Banerjee, A., Naumann, D.A.: Stack-based access control for secure information flow. J. of Functional Programming. special issue on Language-Based Security 15, 131–177 (2005).

    MATH  MathSciNet  Google Scholar 

  3. Boudol, G.: On typing information flow. In: Van Hung, D., Wirsing, M. (eds.) ICTAC 2005. LNCS, vol. 3722, pp. 366–380. Springer, Heidelberg (2005).

    Chapter  Google Scholar 

  4. Broberg, N., Sands, D.: Flow locks: towards a core calculus for dynamic flow policies. In: Sestoft, P. (ed.) ESOP 2006 and ETAPS 2006. LNCS, vol. 3924, pp. 180–196. Springer, Heidelberg (2006).

    Google Scholar 

  5. Chong, S., Myers, A.C.: Security policies for downgrading. In: 11th ACM Conf. on Computer and Communications Security (2004).

    Google Scholar 

  6. Cohen, E.: Information transmission in computational systems. In:6th ACM Symp. on Operating Systems Principles, pp. 133–139 (1977).

    Google Scholar 

  7. Denning, D.E.: A lattice model of secure information flow. CACM 19(5), 236–243 (1976).

    MATH  MathSciNet  Google Scholar 

  8. Fournet, C., Gordon, A.: Stack inspection: theory and variants. In: POPL′02, pp. 307–318 (2002).

    Google Scholar 

  9. Goguen, J.A., Meseguer, J.: Security policies and security models. In: IEEE Symp. on Security and Privacy, pp. 11–20 (1982).

    Google Scholar 

  10. Lampson, B.W.: A note on the confinement problem. CACM 16(10), 613–615 (1973).

    Google Scholar 

  11. Lucassen, J.M., Gifford, D.K.: Polymorphic effect systems. In: POPL′88, pp. 47–57 (1988)

    Google Scholar 

  12. Li, P., Zdancewic, S.: Downgrading policies and relaxed noninterference. In: POPL′05, pp. 158–170 (2005)

    Google Scholar 

  13. Myers, A.: JFlow: practical mostly-static information flow control. In: POPL′99 (1999)

    Google Scholar 

  14. Myers, A.C., Liskov, B.: A decentralized model for information flow control. In: ACM Symp. on Operating Systems Principles, pp. 129–142 (1997).

    Google Scholar 

  15. Myers, A.C., Sabelfeld, A., Zdancewic, S.: Enforcing robust declassification and qualified robustness. J. of Computer Security 14(2), 157–196 (2006)

    Google Scholar 

  16. Pottier, F., Conchon, S.: Information flow inference for free. In: ICFP′00, pp. 46–57 (2000)

    Google Scholar 

  17. Pottier, F., Skalka, C., Smith, S.: A systematic approach to static access control. ACM TOPLAS 27(2), 344–382 (2005)

    Article  Google Scholar 

  18. Sabelfeld, A., Myers, A.C.: Language-based information-flow security. IEEE J. on Selected Areas in Communications 21(1), 5–19 (2003)

    Article  Google Scholar 

  19. Sabelfeld, A., Myers, A.C.: A model for delimited information release. In: Futatsugi, K., Mizoguchi, F., Yonezaki, N. (eds.) ISSS 2003. LNCS, vol. 3233, Springer, Heidelberg (2004)

    Google Scholar 

  20. Sabelfeld, A., Sands, D.: Probabilistic noninterference for multi-threaded programs. In: CSFW′00 (2000)

    Google Scholar 

  21. Sabelfeld, A., Sands, D.: Dimensions and principles of declassification. In: CSFW′05, pp. 255–269 (2005)

    Google Scholar 

  22. Simonet, V.: The Flow Caml system: documentation and user’s manual INRIA Tech. Rep. 0282 (2003)

    Google Scholar 

  23. Skalka, C., Smith, S.: Static enforcement of security with types. In: ICFP′00, pp. 34–45 (2000)

    Google Scholar 

  24. Volpano, D., Smith, G., Irvine, C.: A sound type system for secure flow analysis. J. of Computer Security 4(3), 167–187 (1996)

    Google Scholar 

  25. Wright, A., Felleisen, M.: A syntactic approach to type soundness. Information and Computation 115(1), 38–94 (1994)

    Article  MATH  MathSciNet  Google Scholar 

  26. Zdancewic, S.: Challenges for information-flow security. In: PLID′04 (2004)

    Google Scholar 

Download references

Author information

Authors and Affiliations

  1. INRIA, 06902, Sophia Antipolis, France

    Gérard Boudol & Marija Kolundžija

Authors
  1. Gérard Boudol
    View author publications

    You can also search for this author in PubMed Google Scholar

  2. Marija Kolundžija
    View author publications

    You can also search for this author in PubMed Google Scholar

Editor information

Editors and Affiliations

  1. St. Petersburg Institute for Informatics and Automation, 39, 14th Liniya, St. Petersburg, 199178, Russia

    Vladimir Gorodetsky  & Igor Kotenko  & 

  2. US Air Force, Binghamton University (SUNY), Binghamton, NY, 13902, USA

    Victor A. Skormin

Rights and permissions

Reprints and permissions

Copyright information

© 2007 Springer-Verlag Berlin Heidelberg

About this paper

Cite this paper

Boudol, G., Kolundžija, M. (2007). Access Control and Declassification. In: Gorodetsky, V., Kotenko, I., Skormin, V.A. (eds) Computer Network Security. MMM-ACNS 2007. Communications in Computer and Information Science, vol 1. Springer, Berlin, Heidelberg. https://doi.org/10.1007/978-3-540-73986-9_7

Download citation

  • DOI: https://doi.org/10.1007/978-3-540-73986-9_7

  • Publisher Name: Springer, Berlin, Heidelberg

  • Print ISBN: 978-3-540-73985-2

  • Online ISBN: 978-3-540-73986-9

  • eBook Packages: Computer ScienceComputer Science (R0)

Publish with us

Policies and ethics

Search

Navigation