Gradual Release: Unifying Declassification, Encryption and Key Release Policies
Paper in proceedings, 2007

Information security has a challenge to address: enabling information-flow controls with expressive information release (or declassification) policies. Existing approaches tend to address some aspects of information release, exposing the other aspects for possible attacks. It is striking that these approaches fall into two mostly separate categories: revelation-based (as in information purchase, aggregate computation, moves in a game, etc.) and encryption-based declassification (as in sending encrypted secrets over an untrusted network, storing passwords, etc.). This paper introduces gradual release, a policy that unifies declassification, encryption, and key release policies. We model an attacker's knowledge by the sets of possible secret inputs as functions of publicly observable outputs. The essence of gradual release is that this knowledge must remain constant between releases. Gradual release turns out to be a powerful foundation for release policies, which we demonstrate by formally connecting revelation-based and encryption-based declassification. Furthermore, we show that gradual release can be provably enforced by security types and effects.

Authors

Aslan Askarov

Chalmers, Computer Science and Engineering (Chalmers), Computing Science (Chalmers)

Andrei Sabelfeld

Chalmers, Computer Science and Engineering (Chalmers)

Proceedings of the IEEE Symposium on Security and Privacy

1081-6011 (ISSN)

207-227
978-0-7695-2848-9 (ISBN)

Subject Categories

Computer Science

DOI

10.1109/SP.2007.22

More information

Created

10/7/2017