Paragon for Practical Programming with Information-Flow Control
Paper in proceeding, 2013
Conventional security policies for software applications are adequate for managing concerns on the level of access control. But standard abstraction mechanisms of mainstream programming languages are not sufficient to express how information is allowed to flow between resources once access to them has been obtained. In practice we believe that such control - information flow control - is needed to manage the end-to-end security properties of applications.
In this paper we present Paragon, a Java-based language with first-class support for static checking of information flow control policies. Paragon policies are specified in a logic-based policy language. By virtue of their explicitly stateful nature, these policies appear to be more expressive and flexible than those used in previous languages with information-flow support.
Our contribution is to present the design and implementation of Paragon, which smoothly integrates the policy language with Java’s object-oriented setting, and reaps the benefits of the marriage with a fully fledged programming language.
static enforcement
information flow
Author
Niklas Broberg
Chalmers, Computer Science and Engineering (Chalmers), Software Technology (Chalmers)
Bart van Delft
Chalmers, Computer Science and Engineering (Chalmers), Software Technology (Chalmers)
David Sands
Chalmers, Computer Science and Engineering (Chalmers), Software Technology (Chalmers)
Lecture Notes in Computer Science (including subseries Lecture Notes in Artificial Intelligence and Lecture Notes in Bioinformatics)
03029743 (ISSN) 16113349 (eISSN)
Vol. 8301 LNCS 217-232978-3-319-03541-3 (ISBN)
Areas of Advance
Information and Communication Technology
Subject Categories
Computer and Information Science
DOI
10.1007/978-3-319-03542-0_16
ISBN
978-3-319-03541-3