|COOKIES: By using this website you agree that we can place Google Analytics Cookies on your device for performance monitoring.|
Declassification Policy Inference
If you have a question about this talk, please contact Sam Staton.
Security-type systems can provide strong information security guarantees but often require enormous programmer effort to be used in practice. In this talk, I will describe inference of fine-grained, human-readable declassification policies as a step towards providing security guarantees that are proportional to a programmer’s effort: the programmer should receive weak (but sound) security guarantees for little effort, and stronger guarantees for more effort.
I will present an information-flow type system with where policies may be inferred from existing program structure. The inference algorithm can find precise and intuitive descriptions of potentially dangerous information flows in a program, and policies specify what information is released under what conditions. A semantic security condition specifies what it means for a program to satisfy a policy.
Our work demonstrates the soundness of an analysis for programs in a simple imperative language with exceptions. Furthermore, we have extended the analysis to an object-sensitive interprocedural analysis for single-threaded Java 1.4 programs and developed a prototype implementation.
This talk is part of the Logic and Semantics Seminar (Computer Laboratory) series.
This talk is included in these lists:
Note that ex-directory lists are not shown.
Other listsNew Results in X-ray Astronomy 2009 Leverhulme Lecture Annual Meeting of the Cambridge Cell Cycle Club
Other talksParticles and fluids NuSTAR Health economic evaluation: what can it do for me? Insights into the moecular basis of of neurodegenerative disease Virtual Webinar! series 7: Learning to jazz improvise Inferno XV, Purgatorio XV, Paradiso XV