Declassification: Dimensions and principles

A Sabelfeld, D Sands - Journal of Computer Security, 2009 - journals.sagepub.com
Computing systems often deliberately release (or declassify) sensitive information. A
principal security concern for systems permitting information release is whether this release …

A model for delimited information release

A Sabelfeld, AC Myers - Software Security-Theories and Systems: Second …, 2004 - Springer
Much work on security-typed languages lacks a satisfactory account of intentional
information release. In the context of confidentiality, a typical security guarantee provided by …

Dimensions and principles of declassification

A Sabelfeld, D Sands - 18th IEEE Computer Security …, 2005 - ieeexplore.ieee.org
Computing systems often deliberately release (or declassify) sensitive information. A
principal security concern for systems permitting information release is whether this release …

Enforcing robust declassification

AC Myers, A Sabelfeld… - Proceedings. 17th IEEE …, 2004 - ieeexplore.ieee.org
Noninterference requires that there is no information flow from sensitive to public data in a
given system. However, many systems perform intentional release of sensitive information …

Enforcing robust declassification and qualified robustness

AC Myers, A Sabelfeld… - Journal of Computer …, 2006 - content.iospress.com
Noninterference requires that there is no information flow from sensitive to public data in a
given system. However, many systems release sensitive information as part of their intended …

Controlled declassification based on intransitive noninterference

H Mantel, D Sands - Asian Symposium on Programming Languages and …, 2004 - Springer
Traditional noninterference cannot cope with common features of secure systems like
channel control, information filtering, or explicit downgrading. Recent research has …

Noninterference for a practical difc-based operating system

M Krohn, E Tromer - 2009 30th IEEE Symposium on Security …, 2009 - ieeexplore.ieee.org
The Flume system is an implementation of decentralized information flow control (DIFC) at
the operating system level. Prior work has shown Flume can be implemented as a practical …

Java program verification at Nijmegen: Developments and perspective

B Jacobs, E Poll - International Symposium on Software Security, 2003 - Springer
This paper presents a historical overview of the work on Java program verification at the
University of Nijmegen (the Netherlands) over the past six years (1997–2003). It describes …

Localized delimited release: combining the what and where dimensions of information release

A Askarov, A Sabelfeld - Proceedings of the 2007 workshop on …, 2007 - dl.acm.org
Information release (or declassification) policies are the key challenge for language-based
information security. Although much progress has been made, different approaches to …

What, indeed, is intransitive noninterference?

R Van Der Meyden - Computer Security–ESORICS 2007: 12th European …, 2007 - Springer
This paper argues that Haigh and Young's definition of noninterference for intransitive
security policies admits information flows that are not in accordance with the intuitions it …