Home

About

Advanced Search

Browse by Discipline

Scientific Societies

E-print Alerts

Add E-prints

E-print Network
FAQHELPSITE MAPCONTACT US


  Advanced Search  

 
IEEE JOURNAL ON SELECTED AREAS IN COMMUNICATIONS, VOL. 21, NO. 1, JANUARY 2003 1 Language-Based Information-Flow Security
 

Summary: IEEE JOURNAL ON SELECTED AREAS IN COMMUNICATIONS, VOL. 21, NO. 1, JANUARY 2003 1
Language-Based Information-Flow Security
Andrei Sabelfeld and Andrew C. Myers
Abstract-- Current standard security practices do not pro-
vide substantial assurance that the end-to-end behavior of a
computing system satisfies important security policies such as
confidentiality. An end-to-end confidentiality policy might assert
that secret input data cannot be inferred by an attacker through
the attacker's observations of system output; this policy regulates
information flow.
Conventional security mechanisms such as access control
and encryption do not directly address the enforcement of
information-flow policies. Recently, a promising new approach
has been developed: the use of programming-language tech-
niques for specifying and enforcing information-flow policies.
In this article we survey the past three decades of research on
information-flow security, particularly focusing on work that uses
static program analysis to enforce information-flow policies. We
give a structured view of recent work in the area and identify
some important open challenges.

  

Source: Almgren, Magnus - Department of Computer Science and Engineering, Chalmers University of Technology
Dougherty, Daniel J. - Department of Computer Science, Worcester Polytechnic Institute
Hamlen, Kevin W. - Department of Computer Science, University of Texas at Dallas

 

Collections: Computer Technologies and Information Sciences