科研成果详情

题名Automated enforcement for relaxed information release with reference points
作者
发表日期2014-10-08
发表期刊Science China Information Sciences
ISSN/eISSN1674-733X
卷号57期号:11页码:1-19
摘要Language-based information flow security is a promising approach for enforcement of strong security and protection of the data confidentiality for the end-to-end communications. Here, noninterference is the standard and most restricted security property that completely forbids confidential data from being released to public context. Although this baseline property has been extensively enforced in various cases, there are still many programs, which are considered secure enough, violating this property in some way. In order to control the information release in these programs, the predetermined ways should be specified by means of which confidential data can be released. These intentional releases, also called declassifications, are regulated by several more relaxed security properties than noninterference. The security properties for controlled declassification have been developed on different dimensions with declassification goals. However, the mechanisms used to enforce these properties are still unaccommodating, unspecific, and insufficiently studied. In this work, a new security property, the Relaxed Release with Reference Points (R3P), is presented to limit the information that can be declassified in a program. Moreover, a new mechanism using reachability analysis has been proposed for the pushdown system to enforce R3P on programs. In order to show R3P is competent for use, it has been proved that it complies with the well-known prudent principles of declassification, and in addition finds some restrictions on our security policy. The widespread usage, precision, efficiency, and the influencing factors of our enforcement have been evaluated.
关键词declassification information flow noninterference program analysis pushdown system security policy
DOI10.1007/s11432-014-5168-7
URL查看来源
语种英语English
Scopus入藏号2-s2.0-84918807188
引用统计
被引频次:9[WOS]   [WOS记录]     [WOS相关记录]
文献类型期刊论文
条目标识符https://repository.uic.edu.cn/handle/39GCC9TT/13522
专题个人在本单位外知识产出
通讯作者Sun,Cong
作者单位
1.School of Computer Science and Technology,Xidian University,Xi’an,710071,China
2.School of Electronics Engineering and Computer Science,Peking University,Beijing,100871,China
推荐引用方式
GB/T 7714
Sun,Cong,Xi,Ning,Gao,Shenget al. Automated enforcement for relaxed information release with reference points[J]. Science China Information Sciences, 2014, 57(11): 1-19.
APA Sun,Cong, Xi,Ning, Gao,Sheng, Chen,Zhong, & Ma,Jian Feng. (2014). Automated enforcement for relaxed information release with reference points. Science China Information Sciences, 57(11), 1-19.
MLA Sun,Cong,et al."Automated enforcement for relaxed information release with reference points". Science China Information Sciences 57.11(2014): 1-19.
条目包含的文件
条目无相关文件。
个性服务
查看访问统计
谷歌学术
谷歌学术中相似的文章
[Sun,Cong]的文章
[Xi,Ning]的文章
[Gao,Sheng]的文章
百度学术
百度学术中相似的文章
[Sun,Cong]的文章
[Xi,Ning]的文章
[Gao,Sheng]的文章
必应学术
必应学术中相似的文章
[Sun,Cong]的文章
[Xi,Ning]的文章
[Gao,Sheng]的文章
相关权益政策
暂无数据
收藏/分享
所有评论 (0)
暂无评论
 

除非特别说明,本系统中所有内容都受版权保护,并保留所有权利。