Tight Enforcement of Information-Release Policies for Dynamic Languages

Aslan Askarov; Andrei Sabelfeld

doi:10.1109/CSF.2009.22

C
CSF
2009
2009 22nd IEEE Computer Security Foundations Symposium
Abstract - Tight Enforcement of Information-Release Policies for Dynamic Languages

	This Article
	Subscribers, please Login Purchase article: $19 PDF IEEE Xplore Subscribers RSS feed
	Share
	Email this Article to a friend
	Bibliographic References
	ASCII Text BibTex RefWorks Procite/RefMan/EndNote
	Add to:
	Digg Furl Spurl Blink Simpy Google Del.icio.us Y!MyWeb
	Search
	Similar Articles Articles by Aslan Askarov Articles by Andrei Sabelfeld

2009 22nd IEEE Computer Security Foundations Symposium

Tight Enforcement of Information-Release Policies for Dynamic Languages

Port Jefferson, New York

July 08-July 10

ISBN: 978-0-7695-3712-2

	ASCII Text	x
	Aslan Askarov, Andrei Sabelfeld, "Tight Enforcement of Information-Release Policies for Dynamic Languages," 2012 IEEE 25th Computer Security Foundations Symposium, pp. 43-59, 2009 22nd IEEE Computer Security Foundations Symposium, 2009.

	BibTex	x
	@article{ 10.1109/CSF.2009.22, author = {Aslan Askarov and Andrei Sabelfeld}, title = {Tight Enforcement of Information-Release Policies for Dynamic Languages}, journal ={2012 IEEE 25th Computer Security Foundations Symposium}, volume = {0}, year = {2009}, issn = {1063-6900}, pages = {43-59}, doi = {http://doi.ieeecomputersociety.org/10.1109/CSF.2009.22}, publisher = {IEEE Computer Society}, address = {Los Alamitos, CA, USA}, }

	RefWorks Procite/RefMan/Endnote	x
	TY - CONF JO - 2012 IEEE 25th Computer Security Foundations Symposium TI - Tight Enforcement of Information-Release Policies for Dynamic Languages SN - 1063-6900 SP43 EP59 A1 - Aslan Askarov, A1 - Andrei Sabelfeld, PY - 2009 KW - language-based security KW - information flow KW - declassification VL - 0 JA - 2012 IEEE 25th Computer Security Foundations Symposium ER -

Aslan Askarov

Andrei Sabelfeld

DOI Bookmark: http://doi.ieeecomputersociety.org/10.1109/CSF.2009.22

This paper studies the problem of securing information release in dynamic languages. We propose (i) an intuitive framework for information-release policies expressing both what can be released by an application and where in the code this release may take place and (ii) tight and modular enforcement by hybrid mechanisms that combine monitoring with on-the-fly static analysis for a language with dynamic code evaluation and communication primitives. The policy framework and enforcement mechanisms support both termination-sensitive and insensitive security policies.

Index Terms:

language-based security, information flow, declassification

Citation:

Aslan Askarov, Andrei Sabelfeld, "Tight Enforcement of Information-Release Policies for Dynamic Languages," csf, pp.43-59, 2009 22nd IEEE Computer Security Foundations Symposium, 2009

Peer Review Notice | Give Us Feedback

Usage of this product signifies your acceptance of the Terms of Use.