Application vulnerability blocking

Faculty: Engineering
Year: 2011
Type of Publication: Theses
Pages: 170
Authors:
BibID 11424309
Keywords: Computer systems
Abstract:
Today, many application security vulnerabilities, especially those related to web applications, can be viewed as an insecure information flow problem, and the different security mechanisms such as access control and encryption are not enough to guarantee a secure information flow.

Recently, a new approach has been developed: the use of programming language techniques for specifying and enforcing end-to-end information-flow policies, well known as security-typed programming languages or language-based security. In these languages, data types are annotated with security labels in order to identify the confidentiality and/or integrity policies for each data element. A security label is a pair of a confidentiality policy and an integrity policy, which specifies the principals or entities allowed to read or influence the value of the data, respectively. The specification of principals in those languages allows modeling different roles in the application program with different security concerns, such as users, groups and processes. In practical applications, language constructs for delegation and revocation among principals are desired in order to permit a temporary information flow from one principal (the grantor) to a certain principal (the delegatee) and to renounce a prior permission.

A general form of delegation is already present in some security-typed programming languages such as Jif, a well-known standard for security-typed programming languages. Using delegation in this language, a principal p can act for another principal q (i.e., any action taken by principal q is also authorized for principal p).
   
     