End-to-End Enforcement of Erasure and Declassification

CC
CSF
2008
2008 21st IEEE Computer Security Foundations Symposium
Abstract - End-to-End Enforcement of Erasure and Declassification

	This Article
	Subscribers, please Login Purchase article: $19 PDF RSS feed
	Share
	Email this Article to a friend
	Bibliographic References
	ASCII Text BibTex RefWorks Procite/RefMan
	Add to:
	Digg Furl Spurl Blink Simpy Google Del.icio.us Y!MyWeb
	Search
	Similar Articles Articles by Stephen Chong Articles by Andrew C. Myers

2008 21st IEEE Computer Security Foundations Symposium

June 23-June 25

ISBN: 978-0-7695-3182-3

	ASCII Text	x
	Stephen Chong, Andrew C. Myers, "End-to-End Enforcement of Erasure and Declassification," Computer Security Foundations Symposium, IEEE, pp. 98-111, 2008 21st IEEE Computer Security Foundations Symposium, 2008.

	BibTex	x
	@article{ 10.1109/CSF.2008.12, author = {Stephen Chong and Andrew C. Myers}, title = {End-to-End Enforcement of Erasure and Declassification}, journal ={Computer Security Foundations Symposium, IEEE}, volume = {0}, year = {2008}, isbn = {978-0-7695-3182-3}, pages = {98-111}, doi = {http://doi.ieeecomputersociety.org/10.1109/CSF.2008.12}, publisher = {IEEE Computer Society}, address = {Los Alamitos, CA, USA}, }

	RefWorks Procite/RefMan/Endnote	x
	TY - CONF JO - Computer Security Foundations Symposium, IEEE TI - End-to-End Enforcement of Erasure and Declassification SN - 978-0-7695-3182-3 SP98 EP111 A1 - Stephen Chong, A1 - Andrew C. Myers, PY - 2008 KW - Erasure KW - Declassification KW - Information flow KW - Language-based security KW - Expressive security policies KW - Noninterference VL - 0 JA - Computer Security Foundations Symposium, IEEE ER -

Stephen Chong

Andrew C. Myers

DOI Bookmark: http://doi.ieeecomputersociety.org/10.1109/CSF.2008.12

Declassification occurs when the confidentiality of information is weakened; erasure occurs when the confidentiality of information is strengthened, perhaps to the point of completely removing the information from the system. This paper shows how to enforce erasure and declassification policies. A combination of a type system that controls information flow and a simple runtime mechanism to overwrite data ensures end-to-end enforcement of policies. We prove that well-typed programs satisfy the semantic security condition noninterference according to policy. We extend the Jif programming language with erasure and declassification enforcement mechanisms and use the resulting language in a large case study of a voting system.

Index Terms:

Erasure, Declassification, Information flow, Language-based security, Expressive security policies, Noninterference

Citation:

Stephen Chong, Andrew C. Myers, "End-to-End Enforcement of Erasure and Declassification," csf, pp.98-111, 2008 21st IEEE Computer Security Foundations Symposium, 2008

Peer Review Notice | Give Us Feedback

Usage of this product signifies your acceptance of the Terms of Use.