Information flow analysis for valued-indexed data security compartments

Luísa Lourenço; Luís Caires

doi:10.1007/978-3-319-05119-2_11

Information flow analysis for valued-indexed data security compartments

Luísa Lourenço, Luís Caires

Research output: Chapter in Book/Report/Conference proceeding › Conference contribution › peer-review

7 Citations (Scopus)

Abstract

Data-intensive applications as popularised by cloud computing raise many security challenges, due to the large number of remote users involved and multi-tenancy. Frequently, the security compartment associated to data stored in shared containers, such as database tables, is not determined by the static structure of the database schema, but depends on runtime data values, as required to ensure so-called "row-level" security. In this paper, we investigate a programming language approach to these issues, based on a -calculus extended with data manipulation primitives. We develop a type-based information flow analysis introducing a notion of value-indexed security labels, representing value-indexed security levels, or compartments. Our results ensure that well-typed programs do not break confidentiality constraints imposed by a declared security discipline.

Original language	English
Title of host publication	Trustworthy Global Computing
Subtitle of host publication	8th International Symposium, TGC 2013, Buenos Aires, Argentina, August 30-31, 2013, Revised Selected Papers
Editors	Martín Abadi , Alberto Lluch Lafuente
Publisher	Springer International Publishing
Pages	180-198
Number of pages	19
ISBN (Electronic)	978-3-319-05119-2
ISBN (Print)	978-331905118-5
DOIs	https://doi.org/10.1007/978-3-319-05119-2_11
Publication status	Published - 2014
Event	8th International Symposium on Trustworthy Global Computing, TGC 2013 - Buenos Aires, Argentina Duration: 30 Aug 2013 → 31 Aug 2013

Publication series

Name	Lecture Notes in Computer Science (including subseries Lecture Notes in Artificial Intelligence and Lecture Notes in Bioinformatics)
Publisher	Springer International Publishing
Volume	8358 LNCS
ISSN (Print)	0302-9743

Conference

Conference	8th International Symposium on Trustworthy Global Computing, TGC 2013
Country/Territory	Argentina
City	Buenos Aires
Period	30/08/13 → 31/08/13

Access to Document

10.1007/978-3-319-05119-2_11

Cite this

Lourenço, L., & Caires, L. (2014). Information flow analysis for valued-indexed data security compartments. In M. Abadi , & A. L. Lafuente (Eds.), Trustworthy Global Computing: 8th International Symposium, TGC 2013, Buenos Aires, Argentina, August 30-31, 2013, Revised Selected Papers (pp. 180-198). (Lecture Notes in Computer Science (including subseries Lecture Notes in Artificial Intelligence and Lecture Notes in Bioinformatics); Vol. 8358 LNCS). Springer International Publishing. https://doi.org/10.1007/978-3-319-05119-2_11

Lourenço, Luísa ; Caires, Luís. / Information flow analysis for valued-indexed data security compartments. Trustworthy Global Computing: 8th International Symposium, TGC 2013, Buenos Aires, Argentina, August 30-31, 2013, Revised Selected Papers. editor / Martín Abadi ; Alberto Lluch Lafuente. Springer International Publishing, 2014. pp. 180-198 (Lecture Notes in Computer Science (including subseries Lecture Notes in Artificial Intelligence and Lecture Notes in Bioinformatics)).

@inproceedings{e2d64c35b27e4985bad7496bae910a0e,

title = "Information flow analysis for valued-indexed data security compartments",

abstract = "Data-intensive applications as popularised by cloud computing raise many security challenges, due to the large number of remote users involved and multi-tenancy. Frequently, the security compartment associated to data stored in shared containers, such as database tables, is not determined by the static structure of the database schema, but depends on runtime data values, as required to ensure so-called {"}row-level{"} security. In this paper, we investigate a programming language approach to these issues, based on a -calculus extended with data manipulation primitives. We develop a type-based information flow analysis introducing a notion of value-indexed security labels, representing value-indexed security levels, or compartments. Our results ensure that well-typed programs do not break confidentiality constraints imposed by a declared security discipline.",

author = "Lu{\'i}sa Louren{\c c}o and Lu{\'i}s Caires",

year = "2014",

doi = "10.1007/978-3-319-05119-2_11",

language = "English",

isbn = "978-331905118-5",

series = "Lecture Notes in Computer Science (including subseries Lecture Notes in Artificial Intelligence and Lecture Notes in Bioinformatics)",

publisher = "Springer International Publishing",

pages = "180--198",

editor = "{Abadi }, {Mart{\'i}n } and Lafuente, {Alberto Lluch }",

booktitle = "Trustworthy Global Computing",

address = "Switzerland",

note = "8th International Symposium on Trustworthy Global Computing, TGC 2013 ; Conference date: 30-08-2013 Through 31-08-2013",

}

Lourenço, L & Caires, L 2014, Information flow analysis for valued-indexed data security compartments. in M Abadi & AL Lafuente (eds), Trustworthy Global Computing: 8th International Symposium, TGC 2013, Buenos Aires, Argentina, August 30-31, 2013, Revised Selected Papers. Lecture Notes in Computer Science (including subseries Lecture Notes in Artificial Intelligence and Lecture Notes in Bioinformatics), vol. 8358 LNCS, Springer International Publishing, pp. 180-198, 8th International Symposium on Trustworthy Global Computing, TGC 2013, Buenos Aires, Argentina, 30/08/13. https://doi.org/10.1007/978-3-319-05119-2_11

Information flow analysis for valued-indexed data security compartments. / Lourenço, Luísa; Caires, Luís.
Trustworthy Global Computing: 8th International Symposium, TGC 2013, Buenos Aires, Argentina, August 30-31, 2013, Revised Selected Papers. ed. / Martín Abadi ; Alberto Lluch Lafuente. Springer International Publishing, 2014. p. 180-198 (Lecture Notes in Computer Science (including subseries Lecture Notes in Artificial Intelligence and Lecture Notes in Bioinformatics); Vol. 8358 LNCS).

Research output: Chapter in Book/Report/Conference proceeding › Conference contribution › peer-review

TY - GEN

T1 - Information flow analysis for valued-indexed data security compartments

AU - Lourenço, Luísa

AU - Caires, Luís

PY - 2014

Y1 - 2014

N2 - Data-intensive applications as popularised by cloud computing raise many security challenges, due to the large number of remote users involved and multi-tenancy. Frequently, the security compartment associated to data stored in shared containers, such as database tables, is not determined by the static structure of the database schema, but depends on runtime data values, as required to ensure so-called "row-level" security. In this paper, we investigate a programming language approach to these issues, based on a -calculus extended with data manipulation primitives. We develop a type-based information flow analysis introducing a notion of value-indexed security labels, representing value-indexed security levels, or compartments. Our results ensure that well-typed programs do not break confidentiality constraints imposed by a declared security discipline.

AB - Data-intensive applications as popularised by cloud computing raise many security challenges, due to the large number of remote users involved and multi-tenancy. Frequently, the security compartment associated to data stored in shared containers, such as database tables, is not determined by the static structure of the database schema, but depends on runtime data values, as required to ensure so-called "row-level" security. In this paper, we investigate a programming language approach to these issues, based on a -calculus extended with data manipulation primitives. We develop a type-based information flow analysis introducing a notion of value-indexed security labels, representing value-indexed security levels, or compartments. Our results ensure that well-typed programs do not break confidentiality constraints imposed by a declared security discipline.

UR - http://www.scopus.com/inward/record.url?scp=84901360370&partnerID=8YFLogxK

U2 - 10.1007/978-3-319-05119-2_11

DO - 10.1007/978-3-319-05119-2_11

M3 - Conference contribution

AN - SCOPUS:84901360370

SN - 978-331905118-5

T3 - Lecture Notes in Computer Science (including subseries Lecture Notes in Artificial Intelligence and Lecture Notes in Bioinformatics)

SP - 180

EP - 198

BT - Trustworthy Global Computing

A2 - Abadi , Martín

A2 - Lafuente, Alberto Lluch

PB - Springer International Publishing

T2 - 8th International Symposium on Trustworthy Global Computing, TGC 2013

Y2 - 30 August 2013 through 31 August 2013

ER -

Lourenço L, Caires L. Information flow analysis for valued-indexed data security compartments. In Abadi M, Lafuente AL, editors, Trustworthy Global Computing: 8th International Symposium, TGC 2013, Buenos Aires, Argentina, August 30-31, 2013, Revised Selected Papers. Springer International Publishing. 2014. p. 180-198. (Lecture Notes in Computer Science (including subseries Lecture Notes in Artificial Intelligence and Lecture Notes in Bioinformatics)). doi: 10.1007/978-3-319-05119-2_11

Information flow analysis for valued-indexed data security compartments

Abstract

Publication series

Conference

Access to Document

Other files and links

Fingerprint

Cite this