Show simple item record

dc.contributor.authorKozyri, Elisavet
dc.contributor.authorDesharnais, Josée
dc.contributor.authorTawbi, Nadia
dc.description.abstractFlow-sensitive dynamic enforcement mechanisms for information flow labels offer increased permissiveness. However, these mechanisms may leak sensitive information when deciding to block insecure executions. When enforcing two labels (e.g., secret and public), sensitive information is leaked from the context in which this decision is taken. When enforcing arbitrary labels, additional sensitive information is leaked from the labels involved in the decision to block an execution. We give examples where, contrary to a common belief, a mechanism designed to enforce two labels may not be able to enforce arbitrary labels, due to this additional leakage. In fact, it is not trivial to design a dynamic enforcement that offers increased permissiveness, handles multiple labels, and does not introduce information leakage due to blocking insecure executions. In this paper, we present a dynamic enforcement mechanism of information flow labels that has all these three attributes. Our mechanism is not purely dynamic, since it uses a light-weight, on-the-fly, static analysis of untaken branches. We prove that the set of all normally terminated and blocked traces of a program, which is executed under our mechanism, satisfies noninterference, against principals that make observations throughout execution.en_US
dc.rightsAttribution-NonCommercial 4.0 International*
dc.titleBlock-safe Information Flow Controlen_US

Files in this item


This item appears in the following Collection(s)

Show simple item record

Except where otherwise noted, this item's license is described as Attribution-NonCommercial 4.0 International