|COOKIES: By using this website you agree that we can place Google Analytics Cookies on your device for performance monitoring.|
Declassification Policy Inference
If you have a question about this talk, please contact Sam Staton.
Security-type systems can provide strong information security guarantees but often require enormous programmer effort to be used in practice. In this talk, I will describe inference of fine-grained, human-readable declassification policies as a step towards providing security guarantees that are proportional to a programmer’s effort: the programmer should receive weak (but sound) security guarantees for little effort, and stronger guarantees for more effort.
I will present an information-flow type system with where policies may be inferred from existing program structure. The inference algorithm can find precise and intuitive descriptions of potentially dangerous information flows in a program, and policies specify what information is released under what conditions. A semantic security condition specifies what it means for a program to satisfy a policy.
Our work demonstrates the soundness of an analysis for programs in a simple imperative language with exceptions. Furthermore, we have extended the analysis to an object-sensitive interprocedural analysis for single-threaded Java 1.4 programs and developed a prototype implementation.
This talk is part of the Logic and Semantics Seminar (Computer Laboratory) series.
This talk is included in these lists:
Note that ex-directory lists are not shown.
Other listsFaculty Library Events (PPSIS) Exoplanet Meetings International Political Economy Research Group
Other talksHow do microRNAs work? Stem cell control in the Drosophila gut Motion filtering: Marshalling, steering and sorting 'Patterning within the disturbance of coherence': the practical work of measuring and classifying infant disorganised attachment Controlling Life with Photons Distributed Search