Dynamic Security Policies
University of Pennsylvania, Philadelphia PA
Investigators: Stephan A. Zdancewic
Award: CCR-0311204
Abstract
This research concentrates on the theoretical foundations and implementation of dynamic security policies: security policies that describe how confidential or high-integrity data should be handled by computer systems in an environment that is unknown when the system is built. The key idea is to extend well-understood static type systems that express information-flow security policies with dynamic mechanisms that capture security policy information available only at run time. Such policies are important to the design of secure systems that can cope with change in the environment and that can evolve over time.

The main objectives are: (1) to design a type system and an accompanying soundness proof for a security-typed language that includes first-class principals, authentication, first-class confidentiality labels, and mechanisms to construct and inspect these policy components at run time (part of this work is to extend previous research on downgrading); (2) to implement these ideas in the Jif compiler, a security-typed language based on Java; and (3) to validate the approach by developing a suite of programs that stress-test the implementation. Most of these programs will be small benchmarks that test corner cases, but the intent is to have students develop larger applications.
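As an added illustration, not code from this project or from the Jif compiler, the following Python sketch models the run-time mechanisms the abstract lists: first-class confidentiality labels that travel with values, a dynamic flow check between labels, and downgrading (declassification) gated on the authority of the principals whose policy is weakened. `Label`, `Labeled`, `assign`, `declassify` and `combine` are hypothetical names, and the label structure is a simplified decentralized-label-model sketch rather than Jif's actual implementation.

```python
# Constructed example: a toy run-time label checker, not Jif's real machinery.
from dataclasses import dataclass
from typing import Any, Dict, Set

Principal = str

class Label:
    """Confidentiality label (simplified decentralized label model, assumed):
    each owner principal names the readers it permits. An owner that is
    absent from the label imposes no restriction on the data."""

    def __init__(self, policies: Dict[Principal, Set[Principal]] = None):
        self.policies = {o: frozenset(r) for o, r in (policies or {}).items()}

    def flows_to(self, other: "Label") -> bool:
        # L1 <= L2 iff L2 keeps every owner of L1 and grants that owner no extra readers.
        return all(o in other.policies and other.policies[o] <= rs
                   for o, rs in self.policies.items())

    def join(self, other: "Label") -> "Label":
        # Least upper bound: union of owners, intersection of readers per shared owner.
        merged = dict(self.policies)
        for o, rs in other.policies.items():
            merged[o] = merged[o] & rs if o in merged else rs
        return Label(merged)

@dataclass
class Labeled:
    value: Any
    label: Label  # first-class label: inspected at run time, not only at compile time

def assign(dst: Label, src: Labeled) -> Labeled:
    """Run-time information-flow check: a value may only move to a destination
    whose label is at least as restrictive as the value's own label."""
    if not src.label.flows_to(dst):
        raise PermissionError("flow not permitted by labels")
    return Labeled(src.value, dst)

def declassify(src: Labeled, new: Label, authority: Set[Principal]) -> Labeled:
    """Downgrading: every owner whose policy is weakened must be in `authority`."""
    for owner, readers in src.label.policies.items():
        kept = new.policies.get(owner)
        if (kept is None or not kept <= readers) and owner not in authority:
            raise PermissionError(f"declassification needs authority of {owner}")
    return Labeled(src.value, new)

def combine(a: Labeled, b: Labeled) -> Labeled:
    """A value computed from two inputs carries the join of their labels."""
    return Labeled((a.value, b.value), a.label.join(b.label))
```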