Publication: Information-Flow Security for Interactive Programs
No Thumbnail Available
Date
Published Version
Journal Title
Journal ISSN
Volume Title
Publisher
IEEE
The Harvard community has made this article openly available. Please share how this access benefits you.
Citation
O'Neill, K.R, M.R Clarkson, and S. Chong. 2006. Information-flow Security for Interactive Programs. 19th IEEE Computer Security Foundations Workshop (CSFW'06), Venice, Italy, 5-7 July 2006, 9077925. IEEE.
Research Data
Abstract
Interactive programs allow users to engage in input and output throughout execution. The ubiquity of such pro- grams motivates the development of models for reasoning about their information-flow security, yet no such models seem to exist for imperative programming languages. Fur- ther, existing language-based security conditions founded on noninteractive models permit insecure information flows in interactive imperative programs. This paper formulates new strategy-based information-flow security conditions for a simple imperative programming language that includes input and output operators. The semantics of the lan- guage enables a fine-grained approach to the resolution of nondeterministic choices. The security conditions lever- age this approach to prohibit refinement attacks while still permitting observable nondeterminism. Extending the lan- guage with probabilistic choice yields a corresponding def- inition of probabilistic noninterference. A soundness theo- rem demonstrates the feasibility of statically enforcing the security conditions via a simple type system. These re- sults constitute a step toward understanding and enforcing information-flow security in real-world programming lan- guages, which include similar input and output operators.
Description
Other Available Sources
Keywords
Terms of Use
This article is made available under the terms and conditions applicable to Other Posted Material (LAA), as set forth at Terms of Service