Abstract
When a computer program requires legitimate access to confidential data, the question arises whether such a program may illegally reveal sensitive information. This paper proposes a policy model to specify what information flow is permitted in a computational system. The security definition, which is based on a general notion of information lattices, allows various representations of information to be used in the enforcement of secure information flow in deterministic or nondeterministic systems. A flexible semantics-based analysis technique is presented, which uses the input-output relational model induced by an attacker’s observational power, to compute the information released by the computational system. An illustrative attacker model demonstrates the use of the technique to develop a termination-sensitive analysis. The technique allows the development of various information flow analyses, parametrised by the attacker’s observational power, which can be used to enforce what declassification policies.
Access provided by Autonomous University of Puebla. Download to read the full chapter text
Chapter PDF
Similar content being viewed by others
Keywords
These keywords were added by machine and not by the authors. This process is experimental and the keywords may be updated as the learning algorithm improves.
References
Askarov, A., Hedin, D., Sabelfeld, A.: Cryptographically-masked flows. Theoretical Computer Science 402(2-3), 82–101 (2008)
Askarov, A., Hunt, S., Sabelfeld, A., Sands, D.: Termination-insensitive noninterference leaks more than just a bit. In: Jajodia, S., Lopez, J. (eds.) ESORICS 2008. LNCS, vol. 5283, pp. 333–348. Springer, Heidelberg (2008)
Askarov, A., Sabelfeld, A.: Gradual release: Unifying declassification, encryption and key release policies. In: IEEE Symposium on Security and Privacy, pp. 207–221. IEEE Computer Society, Los Alamitos (2007)
Clark, D., Hunt, S., Malacaria, P.: A static analysis for quantifying information flow in a simple imperative language. Journal of Computer Security 15(3), 321–371 (2007)
Cohen, E.S.: Information transmission in computational systems. In: SOSP 1977: Proceedings of the sixth ACM symposium on Operating systems principles, pp. 133–139. ACM Press, New York (1977)
Giacobazzi, R., Mastroeni, I.: Abstract non-interference: parameterizing non-interference by abstract interpretation. In: Proceedings of the 31st ACM SIGPLAN-SIGACT symposium on Principles of programming languages, pp. 186–197. ACM Press, New York (2004)
Goguen, J.A., Meseguer, J.: Security policies and security models. In: Proceedings of the IEEE Symposium on Research in Security and Privacy, Oakland, CA, pp. 11–20. IEEE Computer Society Press, Los Alamitos (1982)
Le Guernic, G., Banerjee, A., Jensen, T.P., Schmidt, D.A.: Automata-based confidentiality monitoring. In: Okada, M., Satoh, I. (eds.) ASIAN 2006. LNCS, vol. 4435, pp. 75–89. Springer, Heidelberg (2006)
Joshi, R., Leino, K.R.M.: A semantic approach to secure information flow. Science of Computer Programming 37(1-3), 113–138 (2000)
Kohlas, J.: Information Algebras: Generic Structures for Inference. Springer, Heidelberg (2003)
Landauer, J., Redmond, T.: A lattice of information. In: Proceedings of the Computer Security Foundations Workshop VI (CSFW 1993), Washington, Brussels, Tokyo, pp. 65–70. IEEE, Los Alamitos (1993)
Mastroeni, I.: On the Rôle of abstract non-interference in language-based security. In: Yi, K. (ed.) APLAS 2005. LNCS, vol. 3780, pp. 418–433. Springer, Heidelberg (2005)
Ryan, P., McLean, J., Millen, J., Gligor, V.: Non-interference, who needs it? In: 14th IEEE Computer Security Foundations Workshop (CSFW 2001), Washington, Brussels, Tokyo, pp. 237–240. IEEE, Los Alamitos (2001)
Sabelfeld, A., Myers, A.C.: Language-based information-flow security. IEEE Journal on Selected Areas in Communications 21(1), 5–19 (2003)
Sabelfeld, A., Sands, D.: A per model of secure information flow in sequential programs. Higher-Order and Symbolic Computation 14(1), 59–91 (2001)
Sabelfeld, A., Sands, D.: Dimensions and principles of declassification. In: CSFW 2005: Proceedings of the 18th IEEE Computer Security Foundations Workshop (CSFW 2005), Washington, DC, USA, pp. 255–269. IEEE Computer Society, Los Alamitos (2005)
Sabelfeld, A., Sands, D.: Declassification: Dimensions and principles. Journal of Computer Security (2007)
Author information
Authors and Affiliations
Editor information
Editors and Affiliations
Rights and permissions
Copyright information
© 2009 Springer-Verlag Berlin Heidelberg
About this paper
Cite this paper
Adetoye, A.O., Badii, A. (2009). A Policy Model for Secure Information Flow. In: Degano, P., Viganò, L. (eds) Foundations and Applications of Security Analysis. ARSPA-WITS 2009. Lecture Notes in Computer Science, vol 5511. Springer, Berlin, Heidelberg. https://doi.org/10.1007/978-3-642-03459-6_1
Download citation
DOI: https://doi.org/10.1007/978-3-642-03459-6_1
Publisher Name: Springer, Berlin, Heidelberg
Print ISBN: 978-3-642-03458-9
Online ISBN: 978-3-642-03459-6
eBook Packages: Computer ScienceComputer Science (R0)