
Modelling declassification policies using abstract domain completeness


This paper explores a three-dimensional characterisation of a declassification-based non-interference policy and its consequences. Two of the dimensions consist of specifying:

(a) the power of the attacker, that is, what public information a program has that an attacker can observe; and

(b) what secret information a program has that needs to be protected.

Both these dimensions are regulated by the third dimension:

(c) the choice of program semantics, for example, trace semantics or denotational semantics, or any semantics in Cousot's semantics hierarchy.

To check whether a program satisfies a non-interference policy, one can compute an abstract domain that over-approximates the information released by the policy and then check whether program execution can release more information than permitted by the policy. Counterexamples to a policy can be generated by using a variant of the Paige–Tarjan algorithm for partition refinement. Given the counterexamples, the policy can be refined so that the least amount of confidential information required for making the program secure is declassified.
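The check-then-refine loop described in the abstract can be made concrete on a program small enough to enumerate. The following is an added illustration, not code from the paper: where the paper computes abstract domains symbolically and reasons about their completeness, this example brute-forces every (public, secret) input pair under input/output semantics, represents the attacker's power as an observation function on the output, represents the declassification policy as a partition of the secret space, and refines a violated policy by the block-splitting step of partition refinement. The program, the attacker models and all function names are constructed for this example.

```python
"""Finite-state illustration of checking and refining a declassification policy.

Added example, not the paper's code. The three dimensions are made concrete as:
  (a) attacker power  = an observation function applied to the program output,
  (b) protected info  = a partition of the secret space (the policy),
  (c) semantics       = input/output semantics, so each run is one observation.
Everything below (program, policies, attackers) is constructed for illustration.
"""

# Constructed program: secret h in 0..15, public l in {0, 1}.
# The output exposes the top two bits of h, shifted by the public input.
def program(l, h):
    return (h >> 2) + l

SECRETS = range(16)
PUBLICS = (0, 1)

# Dimension (a): attacker power. The identity attacker sees the exact
# output; the weaker attacker sees only its parity.
def attacker_identity(out):
    return out

def attacker_parity(out):
    return out % 2

# Dimension (b): a declassification policy maps each secret to the block of
# secrets the attacker is allowed to distinguish it from. "Declassify nothing"
# puts every secret in one block; "declassify parity" releases h % 2.
def declassify_nothing(h):
    return 0

def declassify_parity(h):
    return h % 2

def check_policy(program, publics, secrets, declass, observe):
    """Non-interference check. Returns None if, for every public input,
    secrets the policy keeps together yield attacker-indistinguishable
    outputs; otherwise returns a counterexample (l, h1, h2)."""
    for l in publics:
        first_seen = {}  # block id -> (secret, observation) of its first member
        for h in secrets:
            obs = observe(program(l, h))
            blk = declass(h)
            if blk in first_seen and first_seen[blk][1] != obs:
                return (l, first_seen[blk][0], h)
            first_seen.setdefault(blk, (h, obs))
    return None

def refine_policy(program, publics, secrets, declass, observe):
    """Split every policy block by the tuple of observations a secret produces
    across all public inputs. This is the block-splitting step of partition
    refinement: two secrets stay together only if the policy already kept them
    together and the attacker cannot tell them apart on any public input.
    Because observations here depend on the input pair alone (there is no
    transition relation to propagate splits through), a single pass yields a
    stable partition, i.e. the coarsest secure refinement of `declass`."""
    blocks = {}
    for h in secrets:
        signature = (declass(h),) + tuple(observe(program(l, h)) for l in publics)
        blocks.setdefault(signature, []).append(h)
    label = {sig: i for i, sig in enumerate(sorted(blocks))}
    table = {h: label[sig] for sig, members in blocks.items() for h in members}
    return lambda h: table[h]

def num_blocks(declass, secrets):
    """Number of distinguishable classes of secrets the policy releases."""
    return len({declass(h) for h in secrets})

if __name__ == "__main__":
    print(check_policy(program, PUBLICS, SECRETS, declassify_nothing, attacker_identity))
    for observe in (attacker_identity, attacker_parity):
        refined = refine_policy(program, PUBLICS, SECRETS, declassify_nothing, observe)
        print(observe.__name__, num_blocks(refined, SECRETS),
              check_policy(program, PUBLICS, SECRETS, refined, observe))
```

Running the check with the "declassify nothing" policy against the identity attacker yields the counterexample (0, 0, 4): secrets 0 and 4 are supposed to be indistinguishable but produce outputs 0 and 1. Refining from that policy gives four blocks (the top two bits of h) for the identity attacker but only two blocks for the parity attacker, which is the point of dimension (a): a weaker observer needs less declassified. Refining the already-too-generous parity policy gives eight blocks, because refinement only ever splits the blocks the policy started with; it never retracts information the policy has already released. The exhaustive enumeration only works for toy domains; the paper's abstract-domain formulation is what makes the same check tractable symbolically.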

Linked references

A. Askarov and A. Sabelfeld (2007b) Localized delimited release: Combining the what and the where dimensions of information release. In: PLAS '07: Proceedings of the 2007 workshop on Programming languages and analysis for security, ACM Press, 53–60.

P. Cousot and R. Cousot (1977) Abstract interpretation: A unified lattice model for static analysis of programs by construction or approximation of fixpoints. In: Proceedings of the 4th ACM SIGACT–SIGPLAN symposium on Principles of programming languages (POPL '77), ACM Press, 238–252.

P. Cousot and R. Cousot (1979) Systematic design of program analysis frameworks. In: Proceedings of the 6th ACM SIGACT–SIGPLAN symposium on Principles of programming languages (POPL '79), ACM Press, 269–282.

R. Giacobazzi and I. Mastroeni (2004) Abstract non-interference: Parameterizing non-interference by abstract interpretation. In: Proceedings of the 31st Annual ACM SIGPLAN–SIGACT Symposium on Principles of Programming Languages (POPL '04), ACM Press, 186–197.

Mathematical Structures in Computer Science
  • ISSN: 0960-1295
  • EISSN: 1469-8072