Aarhus University Seal

Reconciling progress-insensitive noninterference and declassification

Research output: Contribution to book/anthology/report/proceedingArticle in proceedingsResearchpeer-review

Practitioners of secure information flow often face a design challenge: what is the right semantic treatment of leaks via termination? On the one hand, the potential harm of untrusted code calls for strong progress-sensitive security. On the other hand, when the code is trusted to not aggressively exploit termination channels, practical concerns, such as permissiveness of the enforcement, make a case for settling for weaker, progress-insensitive security. This binary situation, however, provides no suitable middle point for systems that mix trusted and untrusted code. This paper connects the two extremes by reframing progress-insensitivity as a particular form of declassification. Our novel semantic condition reconciles progress-insensitive security as a declassification bound on the so-called progress knowledge in an otherwise progress or timing sensitive setting. We show how the new condition can be soundly enforced using a mostly standard information-flow monitor. We believe that the connection established in this work will enable other applications of ideas from the literature on declassification to progress-insensitivity.

Original languageEnglish
Title of host publication2020 IEEE 33rd Computer Security Foundations Symposium (CSF)
Number of pages12
Publication yearJun 2020
ISBN (Electronic)9781728165721
Publication statusPublished - Jun 2020
Event33rd IEEE Computer Security Foundations Symposium, CSF 2020 - Virtual, Online, United States
Duration: 22 Jun 202025 Jun 2020


Conference33rd IEEE Computer Security Foundations Symposium, CSF 2020
LandUnited States
ByVirtual, Online
SeriesProceedings - IEEE Computer Security Foundations Symposium

See relations at Aarhus University Citationformats

ID: 196858040