Capabilities for information flow
Paper in proceedings, 2011

This paper presents a capability-based mechanism for permissive yet secure enforcement of information-flow policies. Language capabilities have been studied widely, and several popular implementations, such as Caja and Joe-E, are available. By making the connection from capabilities to information flow, we enable smooth enforcement of information-flow policies using capability systems. The paper presents a transformation that, given an arbitrary source program in a simple imperative language, produces a secure program in a language with capabilities. We present formal guarantees of security and permissiveness and report on experiments to enforce information-flow policies for web applications using Caja.

Author

Arnar Birgisson

Chalmers, Computer Science and Engineering (Chalmers), Software Technology (Chalmers)

Alejandro Russo

Chalmers, Computer Science and Engineering (Chalmers), Software Technology (Chalmers)

Andrei Sabelfeld

Chalmers, Computer Science and Engineering (Chalmers), Software Technology (Chalmers)

ACM SIGPLAN Workshop on Programming Languages and Analysis for Security

article no. 5-

Areas of Advance

Information and Communication Technology

Subject Categories

Computer Science

DOI

10.1145/2166956.2166961

ISBN

978-145030830-4

More information

Created

10/7/2017