Managing Policy Updates in Security-Typed Languages

Simple item page
dc.contributor.authorSwamy, N.
dc.contributor.authorHicks, M.
dc.contributor.authorTse, S.
dc.contributor.authorZdancewic, S.
dc.date.accessioned2006-09-07T18:08:01Z
dc.date.available2006-09-07T18:08:01Z
dc.date.issued2006-04-06
dc.description.abstractThis paper presents RX, a new security-typed programming language with features intended to make the management of information-flow policies more practical. Security labels in RX, in contrast to prior approaches, are defined in terms of owned roles, as found in the RT role-based trust-management framework. Role-based security policies allow flexible delegation, and our language RX provides constructs through which programs can robustly update policies and react to policy updates dynamically. Our dynamic semantics use statically verified transactions to eliminate illegal information flows across updates, which we call transitive flows. Because policy updates can be observed through dynamic queries, policy updates can potentially reveal sensitive information. As such, RX considers policy statements themselves to be potentially confidential information and subject to information-flow metapolicies.en
dc.format.extent443286 bytes
dc.format.mimetypeapplication/pdf
dc.identifier.urihttp://hdl.handle.net/1903/3681
dc.language.isoen_USen
dc.relation.ispartofseriesUM Computer Science Departmenten
dc.relation.ispartofseriesCS-TR-4793en
dc.titleManaging Policy Updates in Security-Typed Languagesen
dc.typeTechnical Reporten

Files

Original bundle
Now showing 1 - 1 of 1
Thumbnail Image
Name:
tr.pdf
Size:
432.9 KB
Format:
Adobe Portable Document Format
Download
License bundle
Now showing 1 - 1 of 1
No Thumbnail Available
Name:
license.txt
Size:
1.81 KB
Format:
Item-specific license agreed upon to submission
Description:
Download

Collections

Technical Reports from UMIACS
Technical Reports of the Computer Science Department