Show simple item record

dc.contributor.authorKozyri, Elisavet
dc.date.accessioned2019-04-02T14:01:06Z
dc.date.available2019-04-02T14:01:06Z
dc.date.issued2018-12-30
dc.identifier.otherKozyri_cornellgrad_0058F_11175
dc.identifier.otherhttp://dissertations.umi.com/cornellgrad:11175
dc.identifier.otherbibid: 10758104
dc.identifier.urihttps://hdl.handle.net/1813/64964
dc.description.abstractIncreasing the expressiveness of information flow labels can improve the permissiveness of an enforcement mechanism. This thesis studies two formulations of expressive information flow labels: RIF labels and label chains. Restrictions that a reactive information flow (RIF) label imposes on a value depend on the sequence of operations used to derive that value. This allows declassification, endorsement, and other forms of reclassification to be supported in a uniform way. Piecewise noninterference (PWNI) is introduced as the appropriate security policy. A type system is given for static enforcement of PWNI in programs that associate checkable classes of RIF labels with variables. Two checkable classes of RIF labels are described: general-purpose RIF automata and κ-labels for programs that use cryptographic operations. But labels themselves can encode information, and thus, certain restrictions should be imposed on their use, too. A new family of dynamic enforcement mechanisms is derived to leverage arbitrarily long label chains, where each label in the chain defines restrictions for its predecessor. These enforcers satisfy Block-safe Noninterference (BNI), which proscribes leaks from observing variables, label chains, and blocked executions. Theorems characterize where longer label chains improve permissiveness of dynamic enforcement mechanisms that satisfy BNI. These theorems depend on semantic attributes of such mechanisms as well as on initialization, threat model, and size of lattice of labels.
dc.language.isoen_US
dc.rightsAttribution 4.0 International
dc.rights.urihttps://creativecommons.org/licenses/by/4.0/
dc.subjectreclassification
dc.subjectComputer science
dc.subjectinformation flow
dc.subjectlabel chain
dc.subjectlanguage-based
dc.subjectpermissiveness
dc.subjectreactive
dc.titleENHANCING EXPRESSIVENESS OF INFORMATION FLOW LABELS: RECLASSIFICATION AND PERMISSIVENESS
dc.typedissertation or thesis
thesis.degree.disciplineComputer Science
thesis.degree.grantorCornell University
thesis.degree.levelDoctor of Philosophy
thesis.degree.namePh. D., Computer Science
dc.contributor.chairSchneider, Fred Barry
dc.contributor.committeeMemberMyers, Andrew C.
dc.contributor.committeeMemberShore, Richard A.
dcterms.licensehttps://hdl.handle.net/1813/59810
dc.identifier.doihttps://doi.org/10.7298/vbr1-eb13


Files in this item

Thumbnail

This item appears in the following Collection(s)

Show simple item record

Except where otherwise noted, this item's license is described as Attribution 4.0 International

Statistics