Capabilities for information flow
Paper in proceeding, 2011
This paper presents a capability-based mechanism for permissive
yet secure enforcement of information-flow policies. Language capabilities have been studied widely, and several popular implementations, such as Caja and Joe-E, are available. By making the connection from capabilities to information flow, we enable smooth
enforcement of information-flow policies using capability systems.
The paper presents a transformation that given an arbitrary source program in a simple imperative language produces a secure program in a language with capabilities. We present formal guarantees of security and permissiveness and report on experiments to enforce information-flow policies for web applications using Caja.
Author
Arnar Birgisson
Chalmers, Computer Science and Engineering (Chalmers), Software Technology (Chalmers)
Alejandro Russo
Chalmers, Computer Science and Engineering (Chalmers), Software Technology (Chalmers)
Andrei Sabelfeld
Chalmers, Computer Science and Engineering (Chalmers), Software Technology (Chalmers)
ACM SIGPLAN Workshop on Programming Languages and Analysis for Security
article no. 5-
978-145030830-4 (ISBN)
Areas of Advance
Information and Communication Technology
Subject Categories
Computer Science
DOI
10.1145/2166956.2166961
ISBN
978-145030830-4