Capabilities for Information Flow

This paper presents a capability-based mechanism for permissive yet secure enforcement of information-flow policies. Language capabilities have been studied widely, and several popular implementations, such as Caja and Joe-E, are available. By making the connection from capabilities to information flow, the authors enable smooth enforcement of information-flow policies using capability systems. The paper presents a transformation that given an arbitrary source program in a simple imperative language produces a secure program in a language with capabilities. They present formal guarantees of security and permissiveness and report on experiments to enforce information-flow policies for web applications using Caja.

Provided by: Association for Computing Machinery Topic: Software Date Added: Jun 2011 Format: PDF

Find By Topic