Tight Enforcement of Information-Release Policies for Dynamic Languages

This paper studies the problem of securing information release in dynamic languages. We propose (i) an intuitive framework for information-release policies expressing both what can be released by an application and where in the code this release may take place and (ii) tight and modular enforcement...

Full description

Saved in:
Bibliographic Details
Published in2009 22nd IEEE Computer Security Foundations Symposium pp. 43 - 59
Main Authors Askarov, A., Sabelfeld, A.
Format Conference Proceeding
LanguageEnglish
Published IEEE 01.07.2009
Subjects
Acoustical engineering
Communication system security
Computer science
Computer security
Credit cards
declassification
Information analysis
information flow
Information security
Java
language-based security
Monitoring
Remuneration
Online AccessGet full text

Cover

More Information
Summary:This paper studies the problem of securing information release in dynamic languages. We propose (i) an intuitive framework for information-release policies expressing both what can be released by an application and where in the code this release may take place and (ii) tight and modular enforcement by hybrid mechanisms that combine monitoring with on-the-fly static analysis for a language with dynamic code evaluation and communication primitives. The policy framework and enforcement mechanisms support both termination-sensitive and insensitive security policies.
ISBN:076953712X
9780769537122
ISSN:1063-6900
1940-1434
2377-5459
DOI:10.1109/CSF.2009.22