题名 | Automated enforcement for relaxed information release with reference points |
作者 | |
发表日期 | 2014-10-08 |
发表期刊 | Science China Information Sciences
![]() |
ISSN/eISSN | 1674-733X |
卷号 | 57期号:11页码:1-19 |
摘要 | Language-based information flow security is a promising approach for enforcement of strong security and protection of the data confidentiality for the end-to-end communications. Here, noninterference is the standard and most restricted security property that completely forbids confidential data from being released to public context. Although this baseline property has been extensively enforced in various cases, there are still many programs, which are considered secure enough, violating this property in some way. In order to control the information release in these programs, the predetermined ways should be specified by means of which confidential data can be released. These intentional releases, also called declassifications, are regulated by several more relaxed security properties than noninterference. The security properties for controlled declassification have been developed on different dimensions with declassification goals. However, the mechanisms used to enforce these properties are still unaccommodating, unspecific, and insufficiently studied. In this work, a new security property, the Relaxed Release with Reference Points (R3P), is presented to limit the information that can be declassified in a program. Moreover, a new mechanism using reachability analysis has been proposed for the pushdown system to enforce R3P on programs. In order to show R3P is competent for use, it has been proved that it complies with the well-known prudent principles of declassification, and in addition finds some restrictions on our security policy. The widespread usage, precision, efficiency, and the influencing factors of our enforcement have been evaluated. |
关键词 | declassification information flow noninterference program analysis pushdown system security policy |
DOI | 10.1007/s11432-014-5168-7 |
URL | 查看来源 |
语种 | 英语English |
Scopus入藏号 | 2-s2.0-84918807188 |
引用统计 | |
文献类型 | 期刊论文 |
条目标识符 | https://repository.uic.edu.cn/handle/39GCC9TT/13522 |
专题 | 个人在本单位外知识产出 |
通讯作者 | Sun,Cong |
作者单位 | 1.School of Computer Science and Technology,Xidian University,Xi’an,710071,China 2.School of Electronics Engineering and Computer Science,Peking University,Beijing,100871,China |
推荐引用方式 GB/T 7714 | Sun,Cong,Xi,Ning,Gao,Shenget al. Automated enforcement for relaxed information release with reference points[J]. Science China Information Sciences, 2014, 57(11): 1-19. |
APA | Sun,Cong, Xi,Ning, Gao,Sheng, Chen,Zhong, & Ma,Jian Feng. (2014). Automated enforcement for relaxed information release with reference points. Science China Information Sciences, 57(11), 1-19. |
MLA | Sun,Cong,et al."Automated enforcement for relaxed information release with reference points". Science China Information Sciences 57.11(2014): 1-19. |
条目包含的文件 | 条目无相关文件。 |
个性服务 |
查看访问统计 |
谷歌学术 |
谷歌学术中相似的文章 |
[Sun,Cong]的文章 |
[Xi,Ning]的文章 |
[Gao,Sheng]的文章 |
百度学术 |
百度学术中相似的文章 |
[Sun,Cong]的文章 |
[Xi,Ning]的文章 |
[Gao,Sheng]的文章 |
必应学术 |
必应学术中相似的文章 |
[Sun,Cong]的文章 |
[Xi,Ning]的文章 |
[Gao,Sheng]的文章 |
相关权益政策 |
暂无数据 |
收藏/分享 |
除非特别说明,本系统中所有内容都受版权保护,并保留所有权利。
修改评论