Decentralized Delimited Release

  • Conference paper
Programming Languages and Systems (APLAS 2011)

Part of the book series: Lecture Notes in Computer Science ((LNPSE,volume 7078))

Abstract

Decentralization is a major challenge for secure computing. In a decentralized setting, principals are free to distrust each other. The key challenge is to provide support for expressing and enforcing expressive decentralized policies. This paper focuses on declassification policies, i.e., policies for intended information release. We propose a decentralized language-independent framework for expressing what information can be released. The framework enables combination of data owned by different principals without compromising their respective security policies. A key feature is that information release is permitted only when the owners of the data agree on releasing it. We instantiate the framework for a simple imperative language to show how the decentralized declassification policies can be enforced by a runtime monitor and discuss a prototype that secures programs by inlining the monitor in the code.
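The agreement rule described in the abstract, as an added illustration that is not the paper's formalism or prototype: values carry the set of principals that own them, combining data unions the owner sets, and a runtime check lets a named release ("escape hatch") through only when every owner's own policy lists it. The principals, policies and salary figures are constructed sample data.

```python
from dataclasses import dataclass
from typing import Any, Callable, Dict, FrozenSet, Set


@dataclass(frozen=True)
class Labeled:
    """A value tagged with the principals that own (part of) it."""
    value: Any
    owners: FrozenSet[str]


class ReleaseDenied(Exception):
    pass


# Constructed sample policies: each principal independently names the
# escape hatches it agrees may be released. No central authority exists,
# and a principal is free to trust nobody (carol releases nothing).
POLICIES: Dict[str, Set[str]] = {
    "alice": {"avg_salary"},
    "bob":   {"avg_salary", "max_salary"},
    "carol": set(),
}


def combine(op: Callable[..., Any], *args: Labeled) -> Labeled:
    """Apply op to labeled inputs; the result is owned by all inputs'
    owners, so mixing data never discards an owner's policy."""
    owners = frozenset().union(*(a.owners for a in args))
    return Labeled(op(*(a.value for a in args)), owners)


def release(hatch: str, data: Labeled, policies=POLICIES) -> Any:
    """Monitor check for a declassification: permitted only when every
    owner of the data has listed this hatch in its own policy."""
    objecting = {p for p in data.owners if hatch not in policies.get(p, set())}
    if objecting:
        raise ReleaseDenied(f"{hatch}: no agreement from {sorted(objecting)}")
    return data.value  # released value is now public (no owners)


def demo() -> Dict[str, Any]:
    alice = Labeled(5000, frozenset({"alice"}))
    bob = Labeled(7000, frozenset({"bob"}))
    carol = Labeled(9000, frozenset({"carol"}))
    attempts = [
        ("avg_ab", "avg_salary", combine(lambda a, b: (a + b) / 2, alice, bob)),
        ("max_ab", "max_salary", combine(max, alice, bob)),        # alice objects
        ("avg_abc", "avg_salary",
         combine(lambda a, b, c: (a + b + c) / 3, alice, bob, carol)),  # carol objects
    ]
    results: Dict[str, Any] = {}
    for name, hatch, data in attempts:
        try:
            results[name] = release(hatch, data)
        except ReleaseDenied:
            results[name] = None
    return results
```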




Copyright information

© 2011 Springer-Verlag Berlin Heidelberg

About this paper

Cite this paper

Magazinius, J., Askarov, A., Sabelfeld, A. (2011). Decentralized Delimited Release. In: Yang, H. (eds) Programming Languages and Systems. APLAS 2011. Lecture Notes in Computer Science, vol 7078. Springer, Berlin, Heidelberg. https://doi.org/10.1007/978-3-642-25318-8_18

Download citation

  • DOI: https://doi.org/10.1007/978-3-642-25318-8_18

  • Publisher Name: Springer, Berlin, Heidelberg

  • Print ISBN: 978-3-642-25317-1

  • Online ISBN: 978-3-642-25318-8

  • eBook Packages: Computer Science (R0)
