buttonTrust
 
Commands
  Search pubs database

Quick search by ...
 
 
Year
  2009
2008
2007
2006
2005
2004
2002

Group
  aftrust
aftrustfaculty
deab
eab
eduboard
education
euus
healthcare
hsn
idtheft
knowledgetransfer
languages
netdefenses
patientmonitor
policy
scada
sensornets
sensorprivacy
trust
trustfaculty
trustlocal
trustseminar
trustworthy
university
wise2006
End-to-End Enforcement of Erasure and Declassification
Stephen Chong, Andrew C. Myers

Citation
Stephen Chong, Andrew C. Myers. "End-to-End Enforcement of Erasure and Declassification". Proceedings of the IEEE Computer Security Foundations Symposium, 98–111, June, 2008.

Abstract
_Declassification_ occurs when the confidentiality of information is weakened; _erasure_ occurs when the confidentiality of information is strengthened, perhaps to the point of completely removing the information from the system. This paper shows how to enforce erasure and declassification policies. A combination of a type system that controls information flow and a simple runtime mechanism to overwrite data ensures end-to-end enforcement of policies. We prove that well-typed programs satisfy the semantic security condition _noninterference according to policy_. We extend the Jif programming language with erasure and declassification enforcement mechanisms and use the resulting language in a large case study of a voting system.

Electronic downloads

Citation formats  

  • HTML 
    Stephen Chong, Andrew C. Myers. <a
href="http://www.truststc.org/pubs/454.html">End-to-End
Enforcement of Erasure and Declassification</a>,
Proceedings of the IEEE Computer Security Foundations
Symposium, 98–111, June, 2008.
  • Plain text 
    Stephen Chong, Andrew C. Myers. "End-to-End Enforcement of
Erasure and Declassification". Proceedings of the IEEE
Computer Security Foundations Symposium, 98–111, June,
2008.
  • BibTeX 
    @inproceedings{ChongMyers08_EndtoEndEnforcementOfErasureDeclassification,
    author = {Stephen Chong and Andrew C. Myers},
    title = {End-to-End Enforcement of Erasure and
              Declassification},
    booktitle = {Proceedings of the IEEE Computer Security
              Foundations Symposium},
    pages = {98–111},
    month = {June},
    year = {2008},
    abstract = {_Declassification_ occurs when the confidentiality
              of information is weakened; _erasure_ occurs when
              the confidentiality of information is
              strengthened, perhaps to the point of completely
              removing the information from the system. This
              paper shows how to enforce erasure and
              declassification policies. A combination of a type
              system that controls information flow and a simple
              runtime mechanism to overwrite data ensures
              end-to-end enforcement of policies. We prove that
              well-typed programs satisfy the semantic security
              condition _noninterference according to policy_.
              We extend the Jif programming language with
              erasure and declassification enforcement
              mechanisms and use the resulting language in a
              large case study of a voting system.},
    URL = {http://www.truststc.org/pubs/454.html}
}

Posted by Andrew C. Myers, Ph.D. on 22 Aug 2008.
For additional information, see the Publications FAQ or contact webmaster at www truststc org..

Notice: This material is presented to ensure timely dissemination of scholarly and technical work. Copyright and all rights therein are retained by authors or by other copyright holders. All persons copying this information are expected to adhere to the terms and constraints invoked by each author's copyright.
You are not logged in
© 2005-2008 Trust