Towards Static Flow-Based Declassification for Legacy and Untrusted Programs
Simple non-interference is too restrictive for specifying and enforcing information flow policies in most programs. Exceptions to non-interference are provided using declassification policies. Several approaches for enforcing declassification have been proposed in the literature. In most of these approaches, the declassification policies are embedded in the program itself or heavily tied to the variables in the program being analyzed, thereby providing little separation between the code and the policy. Consequently, the previous approaches essentially require that the code be trusted, since trusting that the correct policy is being enforced requires trusting the source code. In this paper, the authors propose a novel framework in which declassification policies are related to the source code being analyzed via its I/O channels.