Capabilities for information flow
Paper i proceeding, 2011

This paper presents a capability-based mechanism for permissive yet secure enforcement of information-flow policies. Language capabilities have been studied widely, and several popular implementations, such as Caja and Joe-E, are available. By making the connection from capabilities to information flow, we enable smooth enforcement of information-flow policies using capability systems. The paper presents a transformation that given an arbitrary source program in a simple imperative language produces a secure program in a language with capabilities. We present formal guarantees of security and permissiveness and report on experiments to enforce information-flow policies for web applications using Caja.


Arnar Birgisson

Chalmers, Data- och informationsteknik, Programvaruteknik

Alejandro Russo

Chalmers, Data- och informationsteknik, Programvaruteknik

Andrei Sabelfeld

Chalmers, Data- och informationsteknik, Programvaruteknik

ACM SIGPLAN Workshop on Programming Languages and Analysis for Security

article no. 5-


Informations- och kommunikationsteknik


Datavetenskap (datalogi)