We describe work in progress that uses program analysis to show that security-critical programs, such as cross-domain guards, correctly enforce cross-domain security policies. We are enhancing existing techniques from the field of security-oriented programming languages to construct a new language for the construction of secure networked applications, SELinks. In order to specify and enforce expressive and fine-grained policies, we advocate dynamically associating security labels with sensitive entities. Programs written in SELinks are statically guaranteed to correctly manipulate an entity's security labels and to ensure that the appropriate policy checks mediate all operations that are performed on the entity. We discuss the design of our main case study: a web-based collaborative planning application that will permit a collection of users, with varying security requirements and clearances, to access sensitive data sources and collaboratively create documents based on these sources.

[ .pdf ]

@inproceedings{swamy07milcom,
  author = {Nikhil Swamy and Michael Hicks and Simon Tsang},
  title = {Verified Enforcement of Security Policies for Cross-Domain
Information Flows},
  month = oct,
  year = 2007,
  booktitle = {Proceedings of the 2007 Military Communications Conference (MILCOM)}
}

This file was generated by bibtex2html 1.99.