-
Book Title: DTIC AD1000938: Information Flow Security for Interactive -
Language: english -
Post Date: 2025-04-04 15:19:41 -
PDF Size: 0.26 MB -
Book Pages: 28 -
Read Online: Read PDF Book Online -
PDF Download: Click to Download the PDF - Tags:
DTIC AD1000938: Information Flow Security for Interactive
More Book Details
Description of the Book:
Interactive programs allow users to engage in input and output throughout execution. The ubiquity of such programs motivates the development of models for reasoning about their information-flow security, yet no such models seem to exist for imperative programming languages. Further, existing language-based security conditions founded on noninteractive models permit insecure information flows in interactive imperative programs. This paper formulates new strategy based information-flow security conditions for a simple imperative programming language that includes input and output operators. The semantics of the language enables a fine-grained approach to the resolution of nondeterministic choices. The security conditions leverage this approach to prohibit refinement attacks while still permitting observable nondeterminism. Extending the language with probabilistic choice yields a corresponding definition of probabilistic noninterference. A soundness theorem demonstrates the feasibility of statically enforcing the security conditions via a simple type system. These results constitute a step toward understanding and enforcing information-flow security in real-world programming languages, which include similar input and output operators
- Creator/s: Defense Technical Information Center
- Date: 5/1/2006
- Year: 2006
- Book Topics/Themes: DTIC Archive, O’Neill, Kevin R, Cornell University Ithaca United States, information security, programming languages, computer programs, computer security, input output processing
Leave a Reply