Publication:

Required Information Release

Thumbnail Image

Open/View Files

83283494.pdf (339.2 KB)

Date

2012

Authors

Published Version

10.3233/JCS-2012-0442

Journal Title

Journal ISSN

Volume Title

Publisher

IOS Press
The Harvard community has made this article openly available. Please share how this access benefits you.

Research Projects

Organizational Units

Journal Issue

Citation

Chong, Stephen. 2012. Required Information Release. Journal of Computer Security 20, no. 6: 637-676.

Abstract

Many computer systems have a functional requirement to release information. Such requirements are an important part of a system's information security requirements. Current information-flow control techniques are able to reason about permitted information flows, but not required information flows. In this paper, we introduce and explore the specification and enforcement of required information release in a language-based setting. We define semantic security conditions that express both what information a program is required to release, and how an observer is able to learn this information. We also consider the relationship between permitted and required information release, and define bounded release, which provides upper- and lower-bounds on the information a program releases. We show that both required information release and bounded release can be enforced using a security-type system.

Description

Other Available Sources

Research Data

Keywords

Information flow, declassification, information release, algorithmic knowledge

Terms of Use

This article is made available under the terms and conditions applicable to Open Access Policy Articles (OAP), as set forth at Terms of Service

URI

http://nrs.harvard.edu/urn-3:HUL.InstRepos:12582485

Collections

FAS Scholarly Articles

Endorsement

Review

Supplemented By

Related Stories