Information flow analysis for valued-indexed data security compartments

Luísa Lourenço, Luís Caires

Research output: Chapter in Book/Report/Conference proceedingConference contributionpeer-review

8 Citations (Scopus)


Data-intensive applications as popularised by cloud computing raise many security challenges, due to the large number of remote users involved and multi-tenancy. Frequently, the security compartment associated to data stored in shared containers, such as database tables, is not determined by the static structure of the database schema, but depends on runtime data values, as required to ensure so-called "row-level" security. In this paper, we investigate a programming language approach to these issues, based on a -calculus extended with data manipulation primitives. We develop a type-based information flow analysis introducing a notion of value-indexed security labels, representing value-indexed security levels, or compartments. Our results ensure that well-typed programs do not break confidentiality constraints imposed by a declared security discipline.

Original languageEnglish
Title of host publicationTrustworthy Global Computing
Subtitle of host publication8th International Symposium, TGC 2013, Buenos Aires, Argentina, August 30-31, 2013, Revised Selected Papers
EditorsMartín Abadi , Alberto Lluch Lafuente
PublisherSpringer International Publishing
Number of pages19
ISBN (Electronic)978-3-319-05119-2
ISBN (Print)978-331905118-5
Publication statusPublished - 2014
Event8th International Symposium on Trustworthy Global Computing, TGC 2013 - Buenos Aires, Argentina
Duration: 30 Aug 201331 Aug 2013

Publication series

NameLecture Notes in Computer Science (including subseries Lecture Notes in Artificial Intelligence and Lecture Notes in Bioinformatics)
PublisherSpringer International Publishing
Volume8358 LNCS
ISSN (Print)0302-9743


Conference8th International Symposium on Trustworthy Global Computing, TGC 2013
CityBuenos Aires


Dive into the research topics of 'Information flow analysis for valued-indexed data security compartments'. Together they form a unique fingerprint.

Cite this