Information Security Seminar  RSS

Sessions

07/04/2011, 16:30 — 17:30 — Tagus-1.1
José Santos, INRIA, Sophia-Antipolis

On Extracting Security Policies From Program Invariants - A static analysis for dynamic decision making

This presentation approaches the problem of verifying program compliance with information flow policies by proposing a framework that enables dealing with complex and dynamic policies in an efficient and flexible manner. We introduce a calculus for extracting the fundamental dependencies that are encoded into a program which is proved to be both sound and optimal. From the output of this analysis, the strictest security policy under which a program may be executed is then statically inferred. This policy can be used to dynamically decide whether a program is allowed to run, or as a comprehensive and succinct digest of the reasons for which a program is not deemed secure.
This session will be held in Room 0.32 of TagusPark!