Capabilities for information flow

ACM Workshop on Programming Languages and Analysis for Security Pub Date : 2011-06-05 DOI:10.1145/2166956.2166961
Arnar Birgisson, Alejandro Russo, A. Sabelfeld
{"title":"Capabilities for information flow","authors":"Arnar Birgisson, Alejandro Russo, A. Sabelfeld","doi":"10.1145/2166956.2166961","DOIUrl":null,"url":null,"abstract":"This paper presents a capability-based mechanism for permissive yet secure enforcement of information-flow policies. Language capabilities have been studied widely, and several popular implementations, such as Caja and Joe-E, are available. By making the connection from capabilities to information flow, we enable smooth enforcement of information-flow policies using capability systems. The paper presents a transformation that given an arbitrary source program in a simple imperative language produces a secure program in a language with capabilities. We present formal guarantees of security and permissiveness and report on experiments to enforce information-flow policies for web applications using Caja.","PeriodicalId":119000,"journal":{"name":"ACM Workshop on Programming Languages and Analysis for Security","volume":"47 1","pages":"0"},"PeriodicalIF":0.0000,"publicationDate":"2011-06-05","publicationTypes":"Journal Article","fieldsOfStudy":null,"isOpenAccess":false,"openAccessPdf":"","citationCount":"23","resultStr":null,"platform":"Semanticscholar","paperid":null,"PeriodicalName":"ACM Workshop on Programming Languages and Analysis for Security","FirstCategoryId":"1085","ListUrlMain":"https://doi.org/10.1145/2166956.2166961","RegionNum":0,"RegionCategory":null,"ArticlePicture":[],"TitleCN":null,"AbstractTextCN":null,"PMCID":null,"EPubDate":"","PubModel":"","JCR":"","JCRName":"","Score":null,"Total":0}
引用次数: 23

Abstract

This paper presents a capability-based mechanism for permissive yet secure enforcement of information-flow policies. Language capabilities have been studied widely, and several popular implementations, such as Caja and Joe-E, are available. By making the connection from capabilities to information flow, we enable smooth enforcement of information-flow policies using capability systems. The paper presents a transformation that given an arbitrary source program in a simple imperative language produces a secure program in a language with capabilities. We present formal guarantees of security and permissiveness and report on experiments to enforce information-flow policies for web applications using Caja.
查看原文
分享 分享
微信好友 朋友圈 QQ好友 复制链接
本刊更多论文
信息流的功能
本文提出了一种基于能力的机制,用于允许且安全地执行信息流策略。语言功能已经得到了广泛的研究,并且有几种流行的实现,例如Caja和Joe-E。通过将功能与信息流连接起来,我们可以使用功能系统顺利实施信息流策略。本文提出了一种转换方法,即给定一个用简单命令式语言编写的任意源程序,用具有能力的语言生成一个安全的程序。我们提供了正式的安全和许可保证,并报告了使用Caja的web应用程序执行信息流策略的实验。
本文章由计算机程序翻译,如有差异,请以英文原文为准。
求助全文
约1分钟内获得全文 去求助
来源期刊
ACM Workshop on Programming Languages and Analysis for Security
ACM Workshop on Programming Languages and Analysis for Security
自引率
0.00%
发文量
0
期刊最新文献
Faceted execution of policy-agnostic programs Position paper: the science of boxing Knowledge inference for optimizing secure multi-party computation Fault-tolerant non-interference: invited talk abstract WEBLOG: a declarative language for secure web development
×
引用
GB/T 7714-2015
复制
MLA
复制
APA
复制
导出至
BibTeX EndNote RefMan NoteFirst NoteExpress
×
×
提示
您的信息不完整,为了账户安全,请先补充。
现在去补充
×
提示
您因"违规操作"
具体请查看互助需知
我知道了
×
提示
现在去查看 取消
×
提示
确定
0
微信
客服QQ
Book学术公众号 扫码关注我们
反馈
×
意见反馈
请填写您的意见或建议
请填写您的手机或邮箱
已复制链接
已复制链接
快去分享给好友吧!
我知道了
×
扫码分享
扫码分享
Book学术官方微信
Book学术文献互助
Book学术文献互助群
群 号:481959085
Book学术
文献互助 智能选刊 最新文献 互助须知 联系我们:info@booksci.cn
Book学术提供免费学术资源搜索服务,方便国内外学者检索中英文文献。致力于提供最便捷和优质的服务体验。
Copyright © 2023 Book学术 All rights reserved.
ghs 京公网安备 11010802042870号 京ICP备2023020795号-1