Loading...
Please wait, while we are loading the content...
Similar Documents
Managing Policy Updates in Security-Typed Languages (2006)
| Content Provider | CiteSeerX |
|---|---|
| Author | Swamy, Nikhil Hicks, Michael Tse, Stephen Zdancewic, Steve |
| Description | This paper presents RX, a new security-typed programming language with features intended to make the management of information-flow policies more practical. Security labels in RX, in contrast to prior approaches, are defined in terms of owned roles, as found in the RT rolebased trust-management framework. Role-based security policies allows flexible delegation, and our language RX provides constructs through which programs can robustly update policies and react to policy updates dynamically. Our dynamic semantics use statically verified transactions to eliminate illegal information flows across updates, which we call transitive flow. Because policy updates can be observed through dynamic queries, policy updates can potentially reveal sensitive information. As such, RX considers policy statements themselves to be potentially confidential information and subject to information-flow metapolicies. |
| File Format | |
| Language | English |
| Publisher Date | 2006-01-01 |
| Publisher Institution | IN CSFW’06: THE 19TH IEEE COMPUTER SECURITY FOUNDATIONS WORKSHOP |
| Access Restriction | Open |
| Subject Keyword | Trust-management Framework Verified Transaction New Security-typed Programming Language Information-flow Policy Illegal Information Information-flow Metapolicies Security-typed Language Policy Statement Dynamic Query Dynamic Semantics Owned Role Policy Update Sensitive Information Role-based Security Policy Transitive Flow Flexible Delegation Confidential Information Language Rx Security Label Update Policy |
| Content Type | Text |
| Resource Type | Article |
