Verifying information flow control over unbounded processes


Abstract

Decentralized Information Flow Control (DIFC) systems enable programmers to express a desired DIFC policy, and to have the policy enforced via a reference monitor that restricts interactions between system objects, such as processes and files. Past research on DIFC systems focused on the reference-monitor implementation, and assumed that the desired DIFC policy is correctly specified. The focus of this paper is an automatic technique to verify that an application, plus its calls to DIFC primitives, does indeed correctly implement a desired policy. We present an abstraction that allows a model checker to reason soundly about DIFC programs that manipulate potentially unbounded sets of processes, principals, and communication channels. We implemented our approach and evaluated it on a set of real-world programs. © 2009 Springer-Verlag Berlin Heidelberg.

Citation (APA)

Harris, W. R., Kidd, N. A., Chaki, S., Jha, S., & Reps, T. (2009). Verifying information flow control over unbounded processes. In Lecture Notes in Computer Science (including subseries Lecture Notes in Artificial Intelligence and Lecture Notes in Bioinformatics) (Vol. 5850 LNCS, pp. 773–789). https://doi.org/10.1007/978-3-642-05089-3_49
