|COOKIES: By using this website you agree that we can place Google Analytics Cookies on your device for performance monitoring.|
Declassification Policy Inference
If you have a question about this talk, please contact Sam Staton.
Security-type systems can provide strong information security guarantees but often require enormous programmer effort to be used in practice. In this talk, I will describe inference of fine-grained, human-readable declassification policies as a step towards providing security guarantees that are proportional to a programmer’s effort: the programmer should receive weak (but sound) security guarantees for little effort, and stronger guarantees for more effort.
I will present an information-flow type system with where policies may be inferred from existing program structure. The inference algorithm can find precise and intuitive descriptions of potentially dangerous information flows in a program, and policies specify what information is released under what conditions. A semantic security condition specifies what it means for a program to satisfy a policy.
Our work demonstrates the soundness of an analysis for programs in a simple imperative language with exceptions. Furthermore, we have extended the analysis to an object-sensitive interprocedural analysis for single-threaded Java 1.4 programs and developed a prototype implementation.
This talk is part of the Logic and Semantics Seminar (Computer Laboratory) series.
This talk is included in these lists:
Note that ex-directory lists are not shown.
Other listsGates Conversation Cambridge Comparative Syntax Conference (CamCoS) Slavonic Film and Media Studies
Other talksThe Evolved and Evolving 'Mind' of the American South ? Global Economic Development and the Anthropocene Health Economics @ Cambridge seminar TBC Sustainable robotic devices for personalized medical assistance Rethinking the one-sex body: sex, gender and medicine in the medieval world