Secure information flow as a safety problem

Tachio Terauchi; Alex Aiken

doi:10.1007/11547662_24

Secure information flow as a safety problem

Tachio Terauchi^*, Alex Aiken

^*Corresponding author for this work

Research output: Chapter in Book/Report/Conference proceeding › Conference contribution

187 Citations (Scopus)

Abstract

The termination insensitive secure information flow problem can be reduced to solving a safety problem via a simple program transformation. Barthe, D'Argenio, and Rezk coined the term "self-composition" to describe this reduction. This paper generalizes the self-compositional approach with a form of information downgrading recently proposed by Li and Zdancewic. We also identify a problem with applying the self-compositional approach in practice, and we present a solution to this problem that makes use of more traditional type-based approaches. The result is a framework that combines the best of both worlds, i.e., better than traditional type-based approaches and better than the self-compositional approach.

Original language	English
Title of host publication	Lecture Notes in Computer Science (including subseries Lecture Notes in Artificial Intelligence and Lecture Notes in Bioinformatics)
Pages	352-367
Number of pages	16
DOIs	https://doi.org/10.1007/11547662_24
Publication status	Published - 2005
Externally published	Yes
Event	12th International Symposium on Static Analysis, SAS 2005 - London, United Kingdom Duration: 2005 Sept 7 → 2005 Sept 9

Publication series

Name	Lecture Notes in Computer Science (including subseries Lecture Notes in Artificial Intelligence and Lecture Notes in Bioinformatics)
Volume	3672 LNCS
ISSN (Print)	0302-9743
ISSN (Electronic)	1611-3349

Other

Other	12th International Symposium on Static Analysis, SAS 2005
Country/Territory	United Kingdom
City	London
Period	05/9/7 → 05/9/9

ASJC Scopus subject areas

Theoretical Computer Science
Computer Science(all)

Access to Document

10.1007/11547662_24

Cite this

Terauchi, T., & Aiken, A. (2005). Secure information flow as a safety problem. In Lecture Notes in Computer Science (including subseries Lecture Notes in Artificial Intelligence and Lecture Notes in Bioinformatics) (pp. 352-367). (Lecture Notes in Computer Science (including subseries Lecture Notes in Artificial Intelligence and Lecture Notes in Bioinformatics); Vol. 3672 LNCS). https://doi.org/10.1007/11547662_24

Secure information flow as a safety problem. / Terauchi, Tachio; Aiken, Alex.
Lecture Notes in Computer Science (including subseries Lecture Notes in Artificial Intelligence and Lecture Notes in Bioinformatics). 2005. p. 352-367 (Lecture Notes in Computer Science (including subseries Lecture Notes in Artificial Intelligence and Lecture Notes in Bioinformatics); Vol. 3672 LNCS).

Research output: Chapter in Book/Report/Conference proceeding › Conference contribution

Terauchi, T & Aiken, A 2005, Secure information flow as a safety problem. in Lecture Notes in Computer Science (including subseries Lecture Notes in Artificial Intelligence and Lecture Notes in Bioinformatics). Lecture Notes in Computer Science (including subseries Lecture Notes in Artificial Intelligence and Lecture Notes in Bioinformatics), vol. 3672 LNCS, pp. 352-367, 12th International Symposium on Static Analysis, SAS 2005, London, United Kingdom, 05/9/7. https://doi.org/10.1007/11547662_24

Terauchi T, Aiken A. Secure information flow as a safety problem. In Lecture Notes in Computer Science (including subseries Lecture Notes in Artificial Intelligence and Lecture Notes in Bioinformatics). 2005. p. 352-367. (Lecture Notes in Computer Science (including subseries Lecture Notes in Artificial Intelligence and Lecture Notes in Bioinformatics)). doi: 10.1007/11547662_24

@inproceedings{7447574f3ab043eb9b2358849a293b50,

title = "Secure information flow as a safety problem",

abstract = "The termination insensitive secure information flow problem can be reduced to solving a safety problem via a simple program transformation. Barthe, D'Argenio, and Rezk coined the term {"}self-composition{"} to describe this reduction. This paper generalizes the self-compositional approach with a form of information downgrading recently proposed by Li and Zdancewic. We also identify a problem with applying the self-compositional approach in practice, and we present a solution to this problem that makes use of more traditional type-based approaches. The result is a framework that combines the best of both worlds, i.e., better than traditional type-based approaches and better than the self-compositional approach.",

author = "Tachio Terauchi and Alex Aiken",

year = "2005",

doi = "10.1007/11547662_24",

language = "English",

isbn = "3540285849",

series = "Lecture Notes in Computer Science (including subseries Lecture Notes in Artificial Intelligence and Lecture Notes in Bioinformatics)",

pages = "352--367",

booktitle = "Lecture Notes in Computer Science (including subseries Lecture Notes in Artificial Intelligence and Lecture Notes in Bioinformatics)",

note = "12th International Symposium on Static Analysis, SAS 2005 ; Conference date: 07-09-2005 Through 09-09-2005",

}

TY - GEN

T1 - Secure information flow as a safety problem

AU - Terauchi, Tachio

AU - Aiken, Alex

PY - 2005

Y1 - 2005

N2 - The termination insensitive secure information flow problem can be reduced to solving a safety problem via a simple program transformation. Barthe, D'Argenio, and Rezk coined the term "self-composition" to describe this reduction. This paper generalizes the self-compositional approach with a form of information downgrading recently proposed by Li and Zdancewic. We also identify a problem with applying the self-compositional approach in practice, and we present a solution to this problem that makes use of more traditional type-based approaches. The result is a framework that combines the best of both worlds, i.e., better than traditional type-based approaches and better than the self-compositional approach.

AB - The termination insensitive secure information flow problem can be reduced to solving a safety problem via a simple program transformation. Barthe, D'Argenio, and Rezk coined the term "self-composition" to describe this reduction. This paper generalizes the self-compositional approach with a form of information downgrading recently proposed by Li and Zdancewic. We also identify a problem with applying the self-compositional approach in practice, and we present a solution to this problem that makes use of more traditional type-based approaches. The result is a framework that combines the best of both worlds, i.e., better than traditional type-based approaches and better than the self-compositional approach.

UR - http://www.scopus.com/inward/record.url?scp=33646037706&partnerID=8YFLogxK

UR - http://www.scopus.com/inward/citedby.url?scp=33646037706&partnerID=8YFLogxK

U2 - 10.1007/11547662_24

DO - 10.1007/11547662_24

M3 - Conference contribution

AN - SCOPUS:33646037706

SN - 3540285849

SN - 9783540285847

T3 - Lecture Notes in Computer Science (including subseries Lecture Notes in Artificial Intelligence and Lecture Notes in Bioinformatics)

SP - 352

EP - 367

BT - Lecture Notes in Computer Science (including subseries Lecture Notes in Artificial Intelligence and Lecture Notes in Bioinformatics)

T2 - 12th International Symposium on Static Analysis, SAS 2005

Y2 - 7 September 2005 through 9 September 2005

ER -

Secure information flow as a safety problem

Abstract

Publication series

Other

ASJC Scopus subject areas

Access to Document

Other files and links

Fingerprint

Cite this