TY - GEN
T1 - Assuming you know
T2 - 31st IEEE Computer Security Foundations Symposium, CSF 2018
AU - Chudnov, Andrey
AU - Naumann, David A.
N1 - Publisher Copyright:
© 2018 IEEE.
PY - 2018/8/7
Y1 - 2018/8/7
N2 - Many high-level security requirements are about the allowed flow of information in programs, but are difficult to make precise because they involve selective downgrading. Quite a few mutually incompatible and ad-hoc approaches have been proposed for specifying and enforcing downgrading policies. Prior surveys of these approaches have not provided a unifying technical framework. Notions from epistemic logic have emerged as a good approach to policy semantics but are considerably removed from well developed static and dynamic enforcement techniques. We develop a unified framework for expressing, giving meaning and enforcing information downgrading policies that builds on commonly known and widely deployed concepts and techniques, especially static and dynamic assertion checking. These concepts should make information flow accessible and enable developers without special training to specify precise policies. The unified framework allows to directly compare different policy specification styles and enforce them by leveraging existing techniques.
AB - Many high-level security requirements are about the allowed flow of information in programs, but are difficult to make precise because they involve selective downgrading. Quite a few mutually incompatible and ad-hoc approaches have been proposed for specifying and enforcing downgrading policies. Prior surveys of these approaches have not provided a unifying technical framework. Notions from epistemic logic have emerged as a good approach to policy semantics but are considerably removed from well developed static and dynamic enforcement techniques. We develop a unified framework for expressing, giving meaning and enforcing information downgrading policies that builds on commonly known and widely deployed concepts and techniques, especially static and dynamic assertion checking. These concepts should make information flow accessible and enable developers without special training to specify precise policies. The unified framework allows to directly compare different policy specification styles and enforce them by leveraging existing techniques.
KW - epistemic-logic
KW - information-flow-security
KW - monitoring
KW - program-annotations
KW - relational-verification
UR - http://www.scopus.com/inward/record.url?scp=85052147187&partnerID=8YFLogxK
UR - http://www.scopus.com/inward/citedby.url?scp=85052147187&partnerID=8YFLogxK
U2 - 10.1109/CSF.2018.00021
DO - 10.1109/CSF.2018.00021
M3 - Conference contribution
AN - SCOPUS:85052147187
SN - 9781538666807
T3 - Proceedings - IEEE Computer Security Foundations Symposium
SP - 189
EP - 203
BT - Proceedings - IEEE 31st Computer Security Foundations Symposium, CSF 2018
Y2 - 9 July 2018 through 12 July 2018
ER -