Lambda the Ultimate

inactiveTopic Language-Based Information-Flow Security
started 8/21/2002; 12:57:46 PM - last post 8/21/2002; 12:57:46 PM
Ehud Lamm - Language-Based Information-Flow Security  blueArrow
8/21/2002; 12:57:46 PM (reads: 1202, responses: 0)
Language-Based Information-Flow Security
(via comp.lang.functional)

Language-Based Information-Flow Security. Andrei Sabelfeld, Andrew C. Myers. IEEE Journal on Selected Areas in Communication (to appear).

Conventional security mechanisms such as access control and encryption do not directly address the enforcement of information-flow policies. Recently, a promising new approach has been developed: the use of programming-language techniques for specifying and enforcing information-flow policies. In this article we survey the past three decades of research on information-flow security, particularly focusing on work that uses static program analysis to enforce information-flow policies. We give a structured view of recent work in the area and identify some important open challenges. (Postscript version)

As always, if you want to extend language semantics, the easiest way is to use the type system

In a security­-typed language, the types of program variables and expressions are augmented with annotations that specify policies on the use of the typed data. This means, of course, that these security policies can be enforced at compile ­time.

Like ordinary type checking, security­ type checking is also inherently compositional: secure subsystems combine to form a larger secure system as long as the external type signatures of the subsystems agree.

Posted to Software-Eng by Ehud Lamm on 8/21/02; 1:11:33 PM