2015 IEEE 28th Computer Security Foundations Symposium 2015
DOI: 10.1109/csf.2015.16
|View full text |Cite
|
Sign up to set email alerts
|

The Anatomy and Facets of Dynamic Policies

Abstract: Abstract-Information flow policies are often dynamic; the security concerns of a program will typically change during execution to reflect security-relevant events. A key challenge is how to best specify, and give proper meaning to, such dynamic policies. A large number of approaches exist that tackle that challenge, each yielding some important, but unconnected, insight. In this work we synthesise existing knowledge on dynamic policies, with an aim to establish a common terminology, best practices, and framew… Show more

Help me understand this report

Search citation statements

Order By: Relevance

Paper Sections

Select...
3
1
1

Citation Types

3
41
0

Year Published

2015
2015
2019
2019

Publication Types

Select...
4
1
1

Relationship

1
5

Authors

Journals

citations
Cited by 20 publications
(44 citation statements)
references
References 44 publications
3
41
0
Order By: Relevance
“…One of the facets discussed in [5] is the distinction between "whitelisting flows" and "blacklisting flows", which is similar to our distinction between a permissive and a prohibitive reading of policies. Interestingly, the whitelisting/permissive reading is claimed to be the norm in the programming language security literature.…”
Section: Related Workmentioning
confidence: 84%
“…One of the facets discussed in [5] is the distinction between "whitelisting flows" and "blacklisting flows", which is similar to our distinction between a permissive and a prohibitive reading of policies. Interestingly, the whitelisting/permissive reading is claimed to be the norm in the programming language security literature.…”
Section: Related Workmentioning
confidence: 84%
“…Since this is not the case, the program violates the security condition. In the terminology of facets of dynamic policies [6], the condition does not allow for the time-transitive flows that we desire.…”
Section: Relabeling Supportmentioning
confidence: 98%
“…We have proven that RIF automata enforce PWNI for a simple imperative language [22], giving us confidence in the formal guarantees enforced by the JRIF type system. 9 Many models [2,3,19,24,36] have been proposed for expressing and enforcing policies that permit changing the restrictions imposed on the use of values, but PWNI is the first to handle both classifications and deprecations.…”
Section: What Jrif Label Checking Enforcesmentioning
confidence: 99%