Paragon for practical programming with information-flow control. Conventional security policies for software applications are adequate for managing concerns on the level of access control. But standard abstraction mechanisms of mainstream programming languages are not sufficient to express how information is allowed to flow between resources once access to them has been obtained. In practice we believe that such control -- information flow control -- is needed to manage the end-to-end security properties of applications.par In this paper we present Paragon, a Java-based language with first-class support for static checking of information flow control policies. Paragon policies are specified in a logic-based policy language. By virtue of their explicitly stateful nature, these policies appear to be more expressive and flexible than those used in previous languages with information-flow support.par Our contribution is to present the design and implementation of Paragon, which smoothly integrates the policy language with Java’s object-oriented setting, and reaps the benefits of the marriage with a fully fledged programming language.
Keywords for this software
References in zbMATH (referenced in 7 articles , 1 standard article )
Showing results 1 to 7 of 7.
- Nielson, Hanne Riis; Nielson, Flemming: Content dependent information flow control (2017)
- Mantel, Heiko; Müller-Olm, Markus; Perner, Matthias; Wenner, Alexander: Using dynamic pushdown networks to automate a modular information-flow analysis (2015)
- Riis Nielson, Hanne; Nielson, Flemming; Li, Ximeng: Hoare logic for disjunctive information flow (2015)
- Broberg, Niklas; van Delft, Bart; Sands, David: Paragon for practical programming with information-flow control (2013)
- Dimitrova, Rayna; Finkbeiner, Bernd; Kovács, Máté; Rabe, Markus N.; Seidl, Helmut: Model checking information flow in reactive systems (2012)
- Grabowski, Robert: Information flow analysis for mobile code in dynamic security environments (2012)
- Broberg, Niklas; Sands, David: Paralocks, role-based information flow control and beyond (2010)