Safety versus Secrecy

Safety and secrecy are formulated for a deterministic programming language. A safety property is defined as a set of program traces, while secrecy is defined as a binary relation on traces, characterizing a form of noninterference. Safety properties may have sound and complete execution monitors, whereas secrecy has no such monitor.
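As an added illustration that is not part of the paper, the following Python model makes the distinction concrete. It assumes a toy deterministic language in which a program is a function from a secret (high) input and a public (low) input to a list of low-observable outputs; the sample programs, the safety property "no output exceeds 100", and the function names are all constructed for this example.

```python
# Toy deterministic language (an assumption of this example): a program is a
# function from a secret (high) input and a public (low) input to a list of
# low-observable output events. Its trace is the tuple of those events.

def run(program, high, low):
    """Execute a deterministic program once and return its low-observable trace."""
    return tuple(program(high, low))

def safety_monitor(trace, is_bad_prefix):
    """Execution monitor for a safety property, defined as the set of traces none
    of whose finite prefixes is 'bad'. Because the verdict depends only on the
    single trace being observed, the monitor is sound and complete: it rejects
    exactly the traces outside the property, at the first bad prefix."""
    for i in range(1, len(trace) + 1):
        if is_bad_prefix(trace[:i]):
            return False
    return True

def noninterfering(program, lows, highs):
    """Secrecy as a binary relation on traces: two runs that agree on the public
    input must produce identical low-observable traces for any two secrets."""
    return all(run(program, h1, low) == run(program, h2, low)
               for low in lows for h1 in highs for h2 in highs)

# Constructed sample programs.
def constant(high, low):
    return [low, 0]          # public output ignores the secret: secure

def leaky(high, low):
    return [low, high % 2]   # second output depends on the secret: insecure

def overflow(high, low):
    return [low, 1000]       # violates the safety property below

def too_large(prefix):
    """Bad prefix for the safety property 'no output ever exceeds 100'."""
    return prefix[-1] > 100

def secrecy_is_not_a_trace_property():
    """The identical trace (5, 0) is produced by the secure and the insecure
    program, yet only one of them is noninterfering. A monitor that sees just
    that trace would have to both accept and reject it, so no sound and
    complete single-trace monitor for secrecy exists."""
    same_trace = run(leaky, 0, 5) == run(constant, 0, 5)
    verdicts_differ = (noninterfering(constant, range(4), range(4))
                       != noninterfering(leaky, range(4), range(4)))
    return same_trace and verdicts_differ

if __name__ == "__main__":
    print("monitor accepts leaky run:", safety_monitor(run(leaky, 1, 5), too_large))
    print("monitor rejects overflow run:", not safety_monitor(run(overflow, 1, 5), too_large))
    print("secrecy undecidable from one trace:", secrecy_is_not_a_trace_property())
```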
