|COOKIES: By using this website you agree that we can place Google Analytics Cookies on your device for performance monitoring.|
Declassification Policy Inference
If you have a question about this talk, please contact Sam Staton.
Security-type systems can provide strong information security guarantees but often require enormous programmer effort to be used in practice. In this talk, I will describe inference of fine-grained, human-readable declassification policies as a step towards providing security guarantees that are proportional to a programmer’s effort: the programmer should receive weak (but sound) security guarantees for little effort, and stronger guarantees for more effort.
I will present an information-flow type system with where policies may be inferred from existing program structure. The inference algorithm can find precise and intuitive descriptions of potentially dangerous information flows in a program, and policies specify what information is released under what conditions. A semantic security condition specifies what it means for a program to satisfy a policy.
Our work demonstrates the soundness of an analysis for programs in a simple imperative language with exceptions. Furthermore, we have extended the analysis to an object-sensitive interprocedural analysis for single-threaded Java 1.4 programs and developed a prototype implementation.
This talk is part of the Logic and Semantics Seminar (Computer Laboratory) series.
This talk is included in these lists:
Note that ex-directory lists are not shown.
Other listsCambridge Centre for Climate Science The Eddington Lectures MAGDALENE FESTIVAL OF SOUND
Other talksBP Applications/Interview Skills Workshop PATENTS, INTELLECTUAL PROPERTY AND TRADEMARKS Lunchtime Talk: Helen's Bedroom Understanding radicalisation The pursuit of elusive 'win-win' results for forests and people in Peru A new monarchy for a new Commonwealth - monarchy and the consequences of Republican India