Managing Policy Updates in Security-Typed Languages (Extended version). Nikhil Swamy, Michael Hicks, Stephen Tse, and Steve Zdancewic. Technical Report CS-TR-4793, Department of Computer Science, University of Maryland, August 2006. Extends CSFW version to include full proofs and additional discussion about metapolicies.

This paper presents RX, a new security-typed programming language with features intended to make the management of information-flow policies more practical. Security labels in RX, in contrast to prior approaches, are defined in terms of owned roles, as found in the RT role-based trust-management framework. Role-based security policies allows flexible delegation, and our language RX provides constructs through which programs can robustly update policies and react to policy updates dynamically. Our dynamic semantics use statically verified transactions to eliminate illegal information flows across updates, which we call transitive flow. Because policy updates can be observed through dynamic queries, policy updates can potentially reveal sensitive information. As such, RX considers policy statements themselves to be potentially confidential information and subject to information-flow metapolicies.

[ http | .pdf ]

@techreport{swamy06rxtr,
  title = {Managing Policy Updates in Security-Typed Languages (Extended version)},
  author = {Nikhil Swamy and Michael Hicks and Stephen Tse and Steve Zdancewic},
  institution = {Department of Computer Science, University of Maryland},
  number = {CS-TR-4793},
  month = {August},
  year = 2006,
  note = {Extends CSFW version to include full proofs and additional
discussion about metapolicies},
  http = {http://www.cs.umd.edu/projects/PL/rx/}
}

This file was generated by bibtex2html 1.99.