Date Added: Jan 2011
Cryptography is often used to secure the secrecy and integrity of data, but its ubiquitous use (for example on every read and write of a program variable) is prohibitive. When protecting the secrecy and integrity of data, applications may choose to reply on the underlying runtime or network, or they may seek to secure the data themselves using cryptographic techniques. However specifying when to rely on the environment, and when to explicitly enforce security, is usually specified informally without recourse to explicit policies. This paper considers an approach to making explicit when the runtime or network is trusted to carry data in cleartext, and when the data must be explicitly protected.