Protecting privacy using the decentralized label model
- 1 October 2000
- journal article
- Published by Association for Computing Machinery (ACM) in ACM Transactions on Software Engineering and Methodology
- Vol. 9 (4), 410-442
- https://doi.org/10.1145/363516.363526
Abstract
Stronger protection is needed for the confidentiality and integrity of data, because programs containing untrusted code are the rule rather than the exception. Information flow control allows the enforcement of end-to-end security policies, but has been difficult to put into practice. This article describes the decentralized label model, a new label model for control of information flow in systems with mutual distrust and decentralized authority. The model improves on existing multilevel security models by allowing users to declassify information in a decentralized way, and by improving support for fine-grained data sharing. It supports static program analysis of information flow, so that programs can be certified to permit only acceptable information flows, while largely avoiding the overhead of run-time checking. The article introduces the language Jif, an extension to Java that provides static checking of information flow using the decentralized label model.
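The abstract's three ideas (labels owned by mutually distrusting principals, a relabeling rule that a static checker can apply to each assignment, and declassification that needs only the owner's authority rather than a central security officer) are concrete enough to run. The following is an added illustration written for this page; it is not code from the paper or from Jif, and it simplifies the model: principals are plain strings, there is no acts-for hierarchy, and only confidentiality policies are modelled. The tax-preparer scenario and the names `alice`, `bob` and `preparer` are constructed for the example.

```python
# Added illustration of the decentralized label model (DLM); not code from the
# paper or from Jif. Assumptions: principals are plain strings, there is no
# acts-for hierarchy, and only confidentiality (reader) policies are modelled.
from typing import Dict, FrozenSet, Iterable, Mapping, Optional


class Label:
    """A label is a set of policies {owner: readers}.

    Each owner names the principals it allows to read; the owner itself is always
    an implicit reader of its own policy. An owner with no policy in the label has
    placed no restriction on the data.
    """

    def __init__(self, policies: Optional[Mapping[str, Iterable[str]]] = None):
        self.policies: Dict[str, FrozenSet[str]] = {
            owner: frozenset(readers) | {owner}
            for owner, readers in (policies or {}).items()
        }

    def __eq__(self, other: object) -> bool:
        return isinstance(other, Label) and self.policies == other.policies

    def __repr__(self) -> str:
        body = "; ".join(f"{o}: {', '.join(sorted(r))}" for o, r in sorted(self.policies.items()))
        return "{" + body + "}"

    def flows_to(self, other: "Label") -> bool:
        """Relabeling rule: self flows to other iff every policy in self also
        appears in other with a subset of its readers. Adding a policy or removing
        readers is always safe; anything else requires declassification."""
        for owner, readers in self.policies.items():
            other_readers = other.policies.get(owner)
            if other_readers is None or not other_readers <= readers:
                return False
        return True

    def join(self, other: "Label") -> "Label":
        """Least upper bound: every owner's policy is kept, and where both labels
        restrict the same owner only readers permitted by both survive."""
        merged: Dict[str, FrozenSet[str]] = {}
        for owner in set(self.policies) | set(other.policies):
            a, b = self.policies.get(owner), other.policies.get(owner)
            merged[owner] = a & b if a is not None and b is not None else (a if a is not None else b)
        return Label(merged)

    def effective_readers(self) -> Optional[FrozenSet[str]]:
        """Principals that every owner allows to read; None means unrestricted."""
        if not self.policies:
            return None
        readers: Optional[FrozenSet[str]] = None
        for rs in self.policies.values():
            readers = rs if readers is None else readers & rs
        return readers

    def declassify(self, owner: str, extra_readers: Iterable[str], authority: Iterable[str]) -> "Label":
        """Relax one owner's policy by adding readers. This is the only way to make
        a label less restrictive, and only code running with that owner's
        authority may do it, which is what makes declassification decentralized."""
        if owner not in set(authority):
            raise PermissionError(f"caller does not act for {owner}")
        if owner not in self.policies:
            return self  # this owner already places no restriction
        relaxed = dict(self.policies)
        relaxed[owner] = self.policies[owner] | frozenset(extra_readers)
        return Label(relaxed)


def assignment_allowed(expr: Label, pc: Label, var: Label) -> bool:
    """Static check for `var := expr` inside a control context labelled `pc`.
    The pc label carries implicit flows (what the enclosing branch condition
    revealed); the joined label must flow to the target variable's label."""
    return expr.join(pc).flows_to(var)


def tax_preparer_scenario() -> Dict[str, object]:
    """Two mutually distrusting clients share data with one preparer (constructed example)."""
    alice = Label({"alice": {"preparer"}})
    bob = Label({"bob": {"preparer"}})
    public = Label()
    joint = alice.join(bob)  # {alice: alice, preparer; bob: bob, preparer}
    results: Dict[str, object] = {
        "joint_readers": joint.effective_readers(),                        # only the preparer
        "leak_to_public": assignment_allowed(joint, public, public),        # False
        "store_under_alice_only": assignment_allowed(joint, public, alice),  # False: drops bob's policy
        "implicit_flow": assignment_allowed(public, alice, public),         # False: branch on alice's secret
    }
    try:
        joint.declassify("bob", {"alice"}, authority={"preparer"})
        results["preparer_can_declassify_bob"] = True
    except PermissionError:
        results["preparer_can_declassify_bob"] = False
    # Each owner independently releases the joint result to the other party.
    released = (joint.declassify("bob", {"alice"}, authority={"bob"})
                     .declassify("alice", {"bob"}, authority={"alice"}))
    results["released_readers"] = released.effective_readers()
    results["release_to_both"] = assignment_allowed(
        released, public, Label({"alice": {"bob", "preparer"}, "bob": {"alice", "preparer"}}))
    return results


if __name__ == "__main__":
    for name, value in tax_preparer_scenario().items():
        print(f"{name}: {value}")
```

The check in `assignment_allowed` is what a static checker such as the one described for Jif applies at every assignment; note that the implicit-flow case fails even though the value being stored is a public constant, because the program-counter label records that the branch taken depends on Alice's data. Declassification by the preparer fails while the same relaxation by Bob succeeds, which is the decentralized part of the model: each owner's policy can be relaxed only with that owner's authority.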