Non-termination and secure information flow
Similar resources
Non-termination and secure information flow
In secure information flow analysis, the classic Denning restrictions allow a program’s termination to be affected by the values of its H variables, resulting in potential information leaks. In an effort to quantify such leaks, in this work we study a simple imperative language with random assignments. As a thought experiment, we propose a “stripping” operation on programs, which eliminates all...
Secure Information Flow and CPS
Security-typed languages enforce secrecy or integrity policies by type-checking. This paper investigates continuation-passing style as a means of proving that such languages enforce non-interference and as a first step towards understanding their compilation. We present a low-level, secure calculus with higher-order, imperative features. Our type system makes novel use of ordered linear continua...
Computationally secure information flow
This thesis presents a definition and a static program analysis for secure information flow. The definition of secure information flow is not based on non-interference, but on the computational independence of the program’s public outputs from its secret inputs. Such definition allows cryptographic primitives to be gracefully handled, as their security is usually defined to be only computationa...
Arrows for secure information flow
This paper presents an embedded security sublanguage for enforcing information-flow policies in the standard Haskell programming language. The sublanguage provides useful information-flow control mechanisms including dynamic security lattices, run-time code privileges and declassification all without modifying the base language. This design avoids the redundant work of producing new languages, l...
Information flow in secure contexts
Information flow security in a multilevel system aims at guaranteeing that no high level information is revealed to low level users, even in the presence of any possible malicious process. This requirement could be stronger than necessary when some knowledge about the environment (context) in which the process is going to run is available. To relax this requirement we introduce the notion of se...
Journal
Journal title: Mathematical Structures in Computer Science
Year: 2011
ISSN: 0960-1295,1469-8072
DOI: 10.1017/s0960129511000181