Abstract
Traditional noninterference cannot cope with common features of secure systems like channel control, information filtering, or explicit downgrading. Recent research has addressed the derivation and use of weaker security conditions that could support such features in a language-based setting. However, a fully satisfactory solution to the problem has yet to be found. A key problem is to permit exceptions to a given security policy without permitting too much. In this article, we propose an approach that draws its underlying ideas from intransitive noninterference, a concept usually used on a more abstract specification level. Our results include a new bisimulation-based security condition that controls tightly where downgrading can occur and a sound security type system for checking this condition.
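As an added illustration of the intransitive-policy idea the abstract refers to (constructed example code, not the paper's own security condition or type system), this small checker assumes three constructed domains H (secret), D (a designated downgrader) and L (public) with a flow policy containing only the edges H to D and D to L; because no transitive closure is taken, a secret may reach L only through an explicit step in D, and branch conditions are tracked in a pc set so implicit flows are caught as well.

```python
# Constructed illustration of checking an intransitive flow policy.
# POLICY deliberately lacks the edge (H, L): secrets may reach L only via D.
# This is not the paper's type system; it is a minimal stand-in for the idea.

POLICY = {("H", "D"), ("D", "L")}          # intransitive: (H, L) is absent
DOMAIN = {"h": "H", "d": "D", "l": "L"}    # variable -> security domain (constructed)

def may_flow(src, dst):
    """Direct-edge check only; the policy is not closed transitively."""
    return src == dst or (src, dst) in POLICY

def sources(expr):
    """expr is a variable name or ('op', e1, e2); return the domains it reads."""
    if isinstance(expr, str):
        return {DOMAIN[expr]}
    _, left, right = expr
    return sources(left) | sources(right)

def check(program, pc=frozenset()):
    """program: list of ('assign', var, expr) or ('if', cond, body).
    Returns the first violation as (var, offending_domain), or None if the
    program respects POLICY. pc holds the domains of enclosing branch
    conditions, so assignments under a secret branch are treated as reads of H."""
    for stmt in program:
        if stmt[0] == "assign":
            _, var, expr = stmt
            for src in sources(expr) | set(pc):
                if not may_flow(src, DOMAIN[var]):
                    return (var, src)
        else:
            _, cond, body = stmt
            bad = check(body, pc | sources(cond))
            if bad:
                return bad
    return None

# Constructed programs exercising the policy.
DIRECT_LEAK = [("assign", "l", "h")]                            # H -> L: rejected
VIA_DOWNGRADER = [("assign", "d", "h"), ("assign", "l", "d")]   # H -> D -> L: accepted
IMPLICIT_LEAK = [("if", "h", [("assign", "l", "l")])]           # branch on h: rejected
MIXED_LEAK = [("assign", "d", "h"), ("assign", "l", ("op", "d", "h"))]  # reads h directly: rejected
```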
© 2004 Springer-Verlag Berlin Heidelberg
Cite this paper
Mantel, H., Sands, D. (2004). Controlled Declassification Based on Intransitive Noninterference. In: Chin, WN. (eds) Programming Languages and Systems. APLAS 2004. Lecture Notes in Computer Science, vol 3302. Springer, Berlin, Heidelberg. https://doi.org/10.1007/978-3-540-30477-7_9
DOI: https://doi.org/10.1007/978-3-540-30477-7_9
Publisher Name: Springer, Berlin, Heidelberg
Print ISBN: 978-3-540-23724-2
Online ISBN: 978-3-540-30477-7