Secure information flow by self-composition
- Autores
- Barthe, Gilles; D'argenio, Pedro Ruben; Rezk, Tamara
- Año de publicación
- 2011
- Idioma
- inglés
- Tipo de recurso
- artículo
- Estado
- versión publicada
- Descripción
- Information flow policies are confidentiality policies that control information leakage through program execution. A common way to enforce secure information flow is through information flow type systems. Although type systems are compositional and usually enjoy decidable type checking or inference, their extensibility is very poor: type systems need to be redefined and proved sound for each new variation of security policy and programming language for which secure information flow verification is desired. In contrast, program logics offer a general mechanism for enforcing a variety of safety policies, and for this reason are favoured in Proof Carrying Code, which is a promising security architecture for mobile code. However, the encoding of information flow policies in program logics is not straightforward because they refer to a relation between two program executions. The purpose of this paper is to investigate logical formulations of secure information flow based on the idea of self-composition, which reduces the problem of secure information flow of a program P to a safety property for a program derived from P by composing P with a renaming of itself. Self-composition enables the use of standard techniques for information flow policy verification, such as program logics and model checking, that are suitable in Proof Carrying Code infrastructures. We illustrate the applicability of self-composition in several settings, including different security policies such as non-interference and controlled forms of declassification, and programming languages including an imperative language with parallel composition, a non-deterministic language and, finally, a language with shared mutable data structures.
Fil: Barthe, Gilles. No especifíca;
Fil: D'argenio, Pedro Ruben. Universidad Nacional de Córdoba. Facultad de Matemática, Astronomía y Física. Sección Ciencias de la Computación; Argentina. Consejo Nacional de Investigaciones Científicas y Técnicas. Centro Científico Tecnológico Conicet - Córdoba; Argentina
Fil: Rezk, Tamara. No especifíca; - Materia
-
INFORMATION FLOW
SELF-COMPOSITION
LANGUAGE-BASED SECURITY - Nivel de accesibilidad
- acceso abierto
- Condiciones de uso
- https://creativecommons.org/licenses/by-nc-sa/2.5/ar/
- Repositorio
- Institución
- Consejo Nacional de Investigaciones Científicas y Técnicas
- OAI Identificador
- oai:ri.conicet.gov.ar:11336/195163
Ver los metadatos del registro completo
id |
CONICETDig_d21a25c5be3ebf004967c5d2294223fd |
---|---|
oai_identifier_str |
oai:ri.conicet.gov.ar:11336/195163 |
network_acronym_str |
CONICETDig |
repository_id_str |
3498 |
network_name_str |
CONICET Digital (CONICET) |
spelling |
Secure information flow by self-compositionBarthe, GillesD'argenio, Pedro RubenRezk, TamaraINFORMATION FLOWSELF-COMPOSITIONLANGUAGE-BASED SECURITYhttps://purl.org/becyt/ford/1.2https://purl.org/becyt/ford/1Information flow policies are confidentiality policies that control information leakage through program execution. A common way to enforce secure information flow is through information flow type systems. Although type systems are compositional and usually enjoy decidable type checking or inference, their extensibility is very poor: type systems need to be redefined and proved sound for each new variation of security policy and programming language for which secure information flow verification is desired. In contrast, program logics offer a general mechanism for enforcing a variety of safety policies, and for this reason are favoured in Proof Carrying Code, which is a promising security architecture for mobile code. However, the encoding of information flow policies in program logics is not straightforward because they refer to a relation between two program executions. The purpose of this paper is to investigate logical formulations of secure information flow based on the idea of self-composition, which reduces the problem of secure information flow of a program P to a safety property for a program derived from P by composing P with a renaming of itself. Self-composition enables the use of standard techniques for information flow policy verification, such as program logics and model checking, that are suitable in Proof Carrying Code infrastructures. We illustrate the applicability of self-composition in several settings, including different security policies such as non-interference and controlled forms of declassification, and programming languages including an imperative language with parallel composition, a non-deterministic language and, finally, a language with shared mutable data structures.Fil: Barthe, Gilles. No especifíca;Fil: D'argenio, Pedro Ruben. Universidad Nacional de Córdoba. Facultad de Matemática, Astronomía y Física. Sección Ciencias de la Computación; Argentina. Consejo Nacional de Investigaciones Científicas y Técnicas. Centro Científico Tecnológico Conicet - Córdoba; ArgentinaFil: Rezk, Tamara. No especifíca;Cambridge University Press2011-12info:eu-repo/semantics/articleinfo:eu-repo/semantics/publishedVersionhttp://purl.org/coar/resource_type/c_6501info:ar-repo/semantics/articuloapplication/pdfapplication/pdfhttp://hdl.handle.net/11336/195163Barthe, Gilles; D'argenio, Pedro Ruben; Rezk, Tamara; Secure information flow by self-composition; Cambridge University Press; Mathematical Structures In Computer Science; 21; 6; 12-2011; 1207-12520960-1295CONICET DigitalCONICETenginfo:eu-repo/semantics/altIdentifier/url/https://www.cambridge.org/core/journals/mathematical-structures-in-computer-science/article/abs/secure-information-flow-by-selfcomposition/E4DE2A8A9B914434160A4AAFA8A5FB7Binfo:eu-repo/semantics/altIdentifier/doi/10.1017/S0960129511000193info:eu-repo/semantics/openAccesshttps://creativecommons.org/licenses/by-nc-sa/2.5/ar/reponame:CONICET Digital (CONICET)instname:Consejo Nacional de Investigaciones Científicas y Técnicas2025-09-29T09:52:11Zoai:ri.conicet.gov.ar:11336/195163instacron:CONICETInstitucionalhttp://ri.conicet.gov.ar/Organismo científico-tecnológicoNo correspondehttp://ri.conicet.gov.ar/oai/requestdasensio@conicet.gov.ar; lcarlino@conicet.gov.arArgentinaNo correspondeNo correspondeNo correspondeopendoar:34982025-09-29 09:52:11.388CONICET Digital (CONICET) - Consejo Nacional de Investigaciones Científicas y Técnicasfalse |
dc.title.none.fl_str_mv |
Secure information flow by self-composition |
title |
Secure information flow by self-composition |
spellingShingle |
Secure information flow by self-composition Barthe, Gilles INFORMATION FLOW SELF-COMPOSITION LANGUAGE-BASED SECURITY |
title_short |
Secure information flow by self-composition |
title_full |
Secure information flow by self-composition |
title_fullStr |
Secure information flow by self-composition |
title_full_unstemmed |
Secure information flow by self-composition |
title_sort |
Secure information flow by self-composition |
dc.creator.none.fl_str_mv |
Barthe, Gilles D'argenio, Pedro Ruben Rezk, Tamara |
author |
Barthe, Gilles |
author_facet |
Barthe, Gilles D'argenio, Pedro Ruben Rezk, Tamara |
author_role |
author |
author2 |
D'argenio, Pedro Ruben Rezk, Tamara |
author2_role |
author author |
dc.subject.none.fl_str_mv |
INFORMATION FLOW SELF-COMPOSITION LANGUAGE-BASED SECURITY |
topic |
INFORMATION FLOW SELF-COMPOSITION LANGUAGE-BASED SECURITY |
purl_subject.fl_str_mv |
https://purl.org/becyt/ford/1.2 https://purl.org/becyt/ford/1 |
dc.description.none.fl_txt_mv |
Information flow policies are confidentiality policies that control information leakage through program execution. A common way to enforce secure information flow is through information flow type systems. Although type systems are compositional and usually enjoy decidable type checking or inference, their extensibility is very poor: type systems need to be redefined and proved sound for each new variation of security policy and programming language for which secure information flow verification is desired. In contrast, program logics offer a general mechanism for enforcing a variety of safety policies, and for this reason are favoured in Proof Carrying Code, which is a promising security architecture for mobile code. However, the encoding of information flow policies in program logics is not straightforward because they refer to a relation between two program executions. The purpose of this paper is to investigate logical formulations of secure information flow based on the idea of self-composition, which reduces the problem of secure information flow of a program P to a safety property for a program derived from P by composing P with a renaming of itself. Self-composition enables the use of standard techniques for information flow policy verification, such as program logics and model checking, that are suitable in Proof Carrying Code infrastructures. We illustrate the applicability of self-composition in several settings, including different security policies such as non-interference and controlled forms of declassification, and programming languages including an imperative language with parallel composition, a non-deterministic language and, finally, a language with shared mutable data structures. Fil: Barthe, Gilles. No especifíca; Fil: D'argenio, Pedro Ruben. Universidad Nacional de Córdoba. Facultad de Matemática, Astronomía y Física. Sección Ciencias de la Computación; Argentina. Consejo Nacional de Investigaciones Científicas y Técnicas. Centro Científico Tecnológico Conicet - Córdoba; Argentina Fil: Rezk, Tamara. No especifíca; |
description |
Information flow policies are confidentiality policies that control information leakage through program execution. A common way to enforce secure information flow is through information flow type systems. Although type systems are compositional and usually enjoy decidable type checking or inference, their extensibility is very poor: type systems need to be redefined and proved sound for each new variation of security policy and programming language for which secure information flow verification is desired. In contrast, program logics offer a general mechanism for enforcing a variety of safety policies, and for this reason are favoured in Proof Carrying Code, which is a promising security architecture for mobile code. However, the encoding of information flow policies in program logics is not straightforward because they refer to a relation between two program executions. The purpose of this paper is to investigate logical formulations of secure information flow based on the idea of self-composition, which reduces the problem of secure information flow of a program P to a safety property for a program derived from P by composing P with a renaming of itself. Self-composition enables the use of standard techniques for information flow policy verification, such as program logics and model checking, that are suitable in Proof Carrying Code infrastructures. We illustrate the applicability of self-composition in several settings, including different security policies such as non-interference and controlled forms of declassification, and programming languages including an imperative language with parallel composition, a non-deterministic language and, finally, a language with shared mutable data structures. |
publishDate |
2011 |
dc.date.none.fl_str_mv |
2011-12 |
dc.type.none.fl_str_mv |
info:eu-repo/semantics/article info:eu-repo/semantics/publishedVersion http://purl.org/coar/resource_type/c_6501 info:ar-repo/semantics/articulo |
format |
article |
status_str |
publishedVersion |
dc.identifier.none.fl_str_mv |
http://hdl.handle.net/11336/195163 Barthe, Gilles; D'argenio, Pedro Ruben; Rezk, Tamara; Secure information flow by self-composition; Cambridge University Press; Mathematical Structures In Computer Science; 21; 6; 12-2011; 1207-1252 0960-1295 CONICET Digital CONICET |
url |
http://hdl.handle.net/11336/195163 |
identifier_str_mv |
Barthe, Gilles; D'argenio, Pedro Ruben; Rezk, Tamara; Secure information flow by self-composition; Cambridge University Press; Mathematical Structures In Computer Science; 21; 6; 12-2011; 1207-1252 0960-1295 CONICET Digital CONICET |
dc.language.none.fl_str_mv |
eng |
language |
eng |
dc.relation.none.fl_str_mv |
info:eu-repo/semantics/altIdentifier/url/https://www.cambridge.org/core/journals/mathematical-structures-in-computer-science/article/abs/secure-information-flow-by-selfcomposition/E4DE2A8A9B914434160A4AAFA8A5FB7B info:eu-repo/semantics/altIdentifier/doi/10.1017/S0960129511000193 |
dc.rights.none.fl_str_mv |
info:eu-repo/semantics/openAccess https://creativecommons.org/licenses/by-nc-sa/2.5/ar/ |
eu_rights_str_mv |
openAccess |
rights_invalid_str_mv |
https://creativecommons.org/licenses/by-nc-sa/2.5/ar/ |
dc.format.none.fl_str_mv |
application/pdf application/pdf |
dc.publisher.none.fl_str_mv |
Cambridge University Press |
publisher.none.fl_str_mv |
Cambridge University Press |
dc.source.none.fl_str_mv |
reponame:CONICET Digital (CONICET) instname:Consejo Nacional de Investigaciones Científicas y Técnicas |
reponame_str |
CONICET Digital (CONICET) |
collection |
CONICET Digital (CONICET) |
instname_str |
Consejo Nacional de Investigaciones Científicas y Técnicas |
repository.name.fl_str_mv |
CONICET Digital (CONICET) - Consejo Nacional de Investigaciones Científicas y Técnicas |
repository.mail.fl_str_mv |
dasensio@conicet.gov.ar; lcarlino@conicet.gov.ar |
_version_ |
1844613601895120896 |
score |
13.070432 |