Information Flow Security for XML Transformations

Benzaken, Véronique; Burelle, Marwan; Castagna, Giuseppe

doi:10.1007/978-3-540-40965-6_4

Véronique Benzaken⁵,
Marwan Burelle⁵ &
Giuseppe Castagna⁶

Part of the book series: Lecture Notes in Computer Science ((LNCS,volume 2896))

Included in the following conference series:

Annual Asian Computing Science Conference

250 Accesses
2 Citations

Abstract

We provide a formal definition of information flows in XML transformations and, more generally, in the presence of type driven computations and describe a sound technique to detect transformations that may leak private or confidential information. We also outline a general framework to check middleware-located information flows.

This is a preview of subscription content, log in via an institution to check access.

Access this chapter

Log in via an institution

Chapter: USD 29.95; Price excludes VAT (USA)

eBook: USD 39.99; Price excludes VAT (USA)

Softcover Book: USD 54.99; Price excludes VAT (USA)

Tax calculation will be finalised at checkout

Purchases are for personal use only

Institutional subscriptions

Preview

Unable to display preview. Download preview PDF.

References

Abadi, M., Lampson, B., Levy, J.-J.: Analysis and caching of dependencies. In: ICFP 1996, 1st ACM Conference on Functional Programming, pp. 83–91 (1996)
Google Scholar
Benzaken, V., Castagna, G., Frisch, A.: CDuce: An XML-Centric General Purpose Language. In: ICFP 2003, 8th ACM Conference on Functional Programming, pp. 51–63 (2003)
Google Scholar
Christensen, A., Møller, A., Schwartzbach, M.: Extending Java for high-level web service construction. In: ACM TOPLAS (2003) (to appear)
Google Scholar
Cluet, S., Siméon, J.: Yatl: a functional and declarative language for XML (2000) (draft manuscript)
Google Scholar
Conchon, S.: Modular information flow analysis for process calculi. In: FCS 2002, Proceedings of the Foundations of Computer Security Workshop, Copenhagen, Denmark (2002)
Google Scholar
Damiani, E., De Capitani di Vimercati, S., Paraboschi, S., Samarati, P.: A fine-grained access control system for XML documents. ACM TOISS 5(2), 169–202 (2002)
Article Google Scholar
Damiani, E., De Capitani di Vimercati, S., Paraboschi, S., Samarati, P.: Design and implementation of an access control processor for XML documents. Computer Networks 33(1-6), 59–75 (2000)
Article Google Scholar
Fernández, M., Siméon, J., Wadler, P.: An algebra for XML query. In: Kapoor, S., Prasad, S. (eds.) FST TCS 2000. LNCS, vol. 1974, pp. 11–45. Springer, Heidelberg (2000)
Chapter Google Scholar
Frisch, A., Castagna, G., Benzaken, V.: Semantic Subtyping. In: LICS 2002, Seventeenth Annual IEEE Symposium on Logic in Computer Science, pp. 137–146 (2002)
Google Scholar
Gabillon, A., Bruno, E.: Regulating access to XML documents. In: 15th Annual IFIP WG 11.3 Working Conference on Database Security, July 15-18 (2001)
Google Scholar
Gapayev, V., Pierce, B.: Regular object types. In: Cardelli, L. (ed.) ECOOP 2003. LNCS, vol. 2743, Springer, Heidelberg (2003)
Google Scholar
Goguen, J.A., Meseguer, J.: Security policy and security models. In: Proceedings of Symposium on Secrecy and Privacy, pp. 11–20. IEEE Computer Society, Los Alamitos (1982)
Google Scholar
Hosoya, H., Pierce, B.: XDuce: A typed XML processing language. In: ACM TOIT (2003) (to appear)
Google Scholar
IBM AlphaWorks. XML Security Suite, http://www.alphaworks.ibm.com/tech/xmlsecuritysuite
Myers, A., Liskov, B.: A decentralized model for information flow control. In: Proceedings of the 16th ACMSymposium on Operating Systems Principles (SOSP), pp. 129–142 (1997)
Google Scholar
Pottier, F., Conchon, S.: Information flow inference for free. In: ICFP 2000, 5th ACM Conference on Functional Programming, September 2000, pp. 46–57 (2000)
Google Scholar
Pottier, F., Simonet, V.: Information flow inference for ML. ACM SIGPLAN Notices 31(1), 319–330 (2002)
Article Google Scholar
Sabelfeld, A., Myers, A.: Language-based information-flow security. IEEE Journal on Selected Areas in Communications 21(1), 5–19 (2003)
Article Google Scholar
Volpano, D., Smith, G.: A type-based approach to program security. In: Bidoit, M., Dauchet, M. (eds.) CAAP 1997, FASE 1997, and TAPSOFT 1997. LNCS, vol. 1214, pp. 607–621. Springer, Heidelberg (1997)
Chapter Google Scholar
Volpano, D., Smith, G., Irvine, C.: A sound type system for secure flow analysis. Journal of Computer Security 4(3), 167–187 (1996)
Google Scholar
Wallace, C., Runciman, C.: Haskell and XML: Generic combinators or type based translation?. In: ICFP 1999, 4th ACM Conference on Functional Programming, pp. 148–159 (1999)
Google Scholar

Download references

Author information

Authors and Affiliations

LRI (CNRS), Université Paris-Sud, Orsay, France
Véronique Benzaken & Marwan Burelle
CNRS, Département d’Informatique, École Normale Supérieure, Paris, France
Giuseppe Castagna

Authors

Véronique Benzaken
View author publications
You can also search for this author in PubMed Google Scholar
Marwan Burelle
View author publications
You can also search for this author in PubMed Google Scholar
Giuseppe Castagna
View author publications
You can also search for this author in PubMed Google Scholar

Editor information

Editors and Affiliations

IBM TJ Watson Research Center, Yorktown Heights, PO Box 704, 10598, NY
Vijay A. Saraswat

Rights and permissions

Reprints and permissions

Copyright information

About this paper

Cite this paper

Benzaken, V., Burelle, M., Castagna, G. (2003). Information Flow Security for XML Transformations. In: Saraswat, V.A. (eds) Advances in Computing Science – ASIAN 2003. Progamming Languages and Distributed Computation Programming Languages and Distributed Computation. ASIAN 2003. Lecture Notes in Computer Science, vol 2896. Springer, Berlin, Heidelberg. https://doi.org/10.1007/978-3-540-40965-6_4

Download citation

DOI: https://doi.org/10.1007/978-3-540-40965-6_4
Publisher Name: Springer, Berlin, Heidelberg
Print ISBN: 978-3-540-20632-3
Online ISBN: 978-3-540-40965-6
eBook Packages: Springer Book Archive

Publish with us

Policies and ethics