Departmental Papers (CIS)

Date of this Version

April 2005

Document Type

Conference Paper


Postprint version. Published in Lecture Notes in Computer Science, Volume 3444, Programming Languages and Systems: 14th European Symposium on Programming (ESOP 2005), pages 279-294.
Publisher URL:


This paper presents a calculus that supports information-flow security policies and certificate-based declassification. The decentralized label model and its downgrading mechanisms are concisely expressed in the polymorphic lambda calculus with subtyping (System F). We prove a conditioned version of the noninterference theorem such that authorization for declassification is justified by digital certificates from public-key infrastructures.



Date Posted: 14 April 2006