Language-based information flow security aims to decide whether an
action-observable program can unintentionally leak confidential information if
it has the authority to access confidential data. Recent concerns about
declassification polices have provided many choices for practical intended
information release, but more precise enforcement mechanism for these policies
is insufficiently studied. In this paper, we propose a security property on the
where-dimension of declassification and present an enforcement based on
automated verification. The approach automatically transforms the abstract
model with a variant of self-composition, and checks the reachability of
illegal-flow state of the model after transformation. The self-composition is
equipped with a store-match pattern to reduce the state space and to model the
equivalence of declassified expressions in the premise of property. The
evaluation shows that our approach is more precise than type-based enforcement.Comment: 7 pages, this is a full version of the work presented on 2011 IEEE
INFOCOM Workshop