Required Information Release
View/ Open
Chong_RequiredInfo.pdf (366.4Kb)
Access Status
Full text of the requested work is not available in DASH at this time ("restricted access"). For more information on restricted deposits, see our FAQ.Author
Published Version
http://ieeexplore.ieee.org/xpl/conferences.jspMetadata
Show full item recordCitation
Chong, Stephen. Forthcoming. Required information release. Proceedings of the 22nd IEEE Computer Security Foundations Symposium 17-19 July 2010, Edinburgh, UK. Los Alamitos, CA: IEEE Computer Society.Abstract
Many computer systems have a functional requirement to release information. Such requirements are an important part of a system’s information security requirements. Current information-flow control techniques are able to reason about permitted information flows, but not required information flows. In this paper, we introduce and explore the specification and enforcement of required information release in a language-based setting. We define semantic security conditions that express both what information a program is required to release, and how an observer is able to learn this information. We also consider the relationship between permitted and required information release, and define bounded release, which provides upper- and lower- bounds on the information a program releases. We show that both required information release and bounded release can be enforced using a security-type system.Citable link to this page
http://nrs.harvard.edu/urn-3:HUL.InstRepos:4101999
Collections
- FAS Scholarly Articles [18292]
Contact administrator regarding this item (to report mistakes or request changes)