Information-Flow Security for Interactive Programs
dc.contributor.author | O'Neill, Kevin R. | en_US |
dc.contributor.author | Clarkson, Michael R. | en_US |
dc.contributor.author | Chong, Stephen | en_US |
dc.date.accessioned | 2007-04-04T20:21:46Z | |
dc.date.available | 2007-04-04T20:21:46Z | |
dc.date.issued | 2006-04-17 | en_US |
dc.description.abstract | Interactive programs allow users to engage in input and output throughout execution. The ubiquity of such programs motivates the development of models for reasoning about their information-flow security, yet no such models seem to exist for imperative programming languages. Further, existing language-based security conditions founded on noninteractive models permit insecure information flows in interactive imperative programs. This paper formulates new strategy-based information-flow security conditions for a simple imperative programming language that includes input and output operators. The semantics of the language enables a fine-grained approach to the resolution of nondeterministic choices. The security conditions leverage this approach to prohibit refinement attacks while still permitting observable nondeterminism. Extending the language with probabilistic choice yields a corresponding definition of probabilistic noninterference. A soundness theorem demonstrates the feasibility of statically enforcing the security conditions via a simple type system. These results constitute a step toward understanding and enforcing information-flow security in real-world programming languages, which include similar input and output operators. | en_US |
dc.format.extent | 375074 bytes | |
dc.format.mimetype | application/postscript | |
dc.identifier.citation | http://techreports.library.cornell.edu:8081/Dienst/UI/1.0/Display/cul.cis/TR2006-2022 | en_US |
dc.identifier.uri | https://hdl.handle.net/1813/5721 | |
dc.language.iso | en_US | en_US |
dc.publisher | Cornell University | en_US |
dc.subject | computer science | en_US |
dc.subject | technical report | en_US |
dc.title | Information-Flow Security for Interactive Programs | en_US |
dc.type | technical report | en_US |
Files
Original bundle
1 - 1 of 1