Abstract
We provide a formal definition of information flows in XML transformations and, more generally, in the presence of type driven computations and describe a sound technique to detect transformations that may leak private or confidential information. We also outline a general framework to check middleware-located information flows.
Access this chapter
Tax calculation will be finalised at checkout
Purchases are for personal use only
Preview
Unable to display preview. Download preview PDF.
References
Abadi, M., Lampson, B., Levy, J.-J.: Analysis and caching of dependencies. In: ICFP 1996, 1st ACM Conference on Functional Programming, pp. 83–91 (1996)
Benzaken, V., Castagna, G., Frisch, A.: CDuce: An XML-Centric General Purpose Language. In: ICFP 2003, 8th ACM Conference on Functional Programming, pp. 51–63 (2003)
Christensen, A., Møller, A., Schwartzbach, M.: Extending Java for high-level web service construction. In: ACM TOPLAS (2003) (to appear)
Cluet, S., Siméon, J.: Yatl: a functional and declarative language for XML (2000) (draft manuscript)
Conchon, S.: Modular information flow analysis for process calculi. In: FCS 2002, Proceedings of the Foundations of Computer Security Workshop, Copenhagen, Denmark (2002)
Damiani, E., De Capitani di Vimercati, S., Paraboschi, S., Samarati, P.: A fine-grained access control system for XML documents. ACM TOISS 5(2), 169–202 (2002)
Damiani, E., De Capitani di Vimercati, S., Paraboschi, S., Samarati, P.: Design and implementation of an access control processor for XML documents. Computer Networks 33(1-6), 59–75 (2000)
Fernández, M., Siméon, J., Wadler, P.: An algebra for XML query. In: Kapoor, S., Prasad, S. (eds.) FST TCS 2000. LNCS, vol. 1974, pp. 11–45. Springer, Heidelberg (2000)
Frisch, A., Castagna, G., Benzaken, V.: Semantic Subtyping. In: LICS 2002, Seventeenth Annual IEEE Symposium on Logic in Computer Science, pp. 137–146 (2002)
Gabillon, A., Bruno, E.: Regulating access to XML documents. In: 15th Annual IFIP WG 11.3 Working Conference on Database Security, July 15-18 (2001)
Gapayev, V., Pierce, B.: Regular object types. In: Cardelli, L. (ed.) ECOOP 2003. LNCS, vol. 2743, Springer, Heidelberg (2003)
Goguen, J.A., Meseguer, J.: Security policy and security models. In: Proceedings of Symposium on Secrecy and Privacy, pp. 11–20. IEEE Computer Society, Los Alamitos (1982)
Hosoya, H., Pierce, B.: XDuce: A typed XML processing language. In: ACM TOIT (2003) (to appear)
IBM AlphaWorks. XML Security Suite, http://www.alphaworks.ibm.com/tech/xmlsecuritysuite
Myers, A., Liskov, B.: A decentralized model for information flow control. In: Proceedings of the 16th ACMSymposium on Operating Systems Principles (SOSP), pp. 129–142 (1997)
Pottier, F., Conchon, S.: Information flow inference for free. In: ICFP 2000, 5th ACM Conference on Functional Programming, September 2000, pp. 46–57 (2000)
Pottier, F., Simonet, V.: Information flow inference for ML. ACM SIGPLAN Notices 31(1), 319–330 (2002)
Sabelfeld, A., Myers, A.: Language-based information-flow security. IEEE Journal on Selected Areas in Communications 21(1), 5–19 (2003)
Volpano, D., Smith, G.: A type-based approach to program security. In: Bidoit, M., Dauchet, M. (eds.) CAAP 1997, FASE 1997, and TAPSOFT 1997. LNCS, vol. 1214, pp. 607–621. Springer, Heidelberg (1997)
Volpano, D., Smith, G., Irvine, C.: A sound type system for secure flow analysis. Journal of Computer Security 4(3), 167–187 (1996)
Wallace, C., Runciman, C.: Haskell and XML: Generic combinators or type based translation?. In: ICFP 1999, 4th ACM Conference on Functional Programming, pp. 148–159 (1999)
Author information
Authors and Affiliations
Editor information
Editors and Affiliations
Rights and permissions
Copyright information
© 2003 Springer-Verlag Berlin Heidelberg
About this paper
Cite this paper
Benzaken, V., Burelle, M., Castagna, G. (2003). Information Flow Security for XML Transformations. In: Saraswat, V.A. (eds) Advances in Computing Science – ASIAN 2003. Progamming Languages and Distributed Computation Programming Languages and Distributed Computation. ASIAN 2003. Lecture Notes in Computer Science, vol 2896. Springer, Berlin, Heidelberg. https://doi.org/10.1007/978-3-540-40965-6_4
Download citation
DOI: https://doi.org/10.1007/978-3-540-40965-6_4
Publisher Name: Springer, Berlin, Heidelberg
Print ISBN: 978-3-540-20632-3
Online ISBN: 978-3-540-40965-6
eBook Packages: Springer Book Archive