Block-safe Information Flow Control
dc.contributor.author | Kozyri, Elisavet | |
dc.contributor.author | Desharnais, Josée | |
dc.contributor.author | Tawbi, Nadia | |
dc.date.accessioned | 2016-08-09T18:09:08Z | |
dc.date.available | 2016-08-09T18:09:08Z | |
dc.date.issued | 2016-08-09 | |
dc.description.abstract | Flow-sensitive dynamic enforcement mechanisms for information flow labels offer increased permissiveness. However, these mechanisms may leak sensitive information when deciding to block insecure executions. When enforcing two labels (e.g., secret and public), sensitive information is leaked from the context in which this decision is taken. When enforcing arbitrary labels, additional sensitive information is leaked from the labels involved in the decision to block an execution. We give examples where, contrary to a common belief, a mechanism designed to enforce two labels may not be able to enforce arbitrary labels, due to this additional leakage. In fact, it is not trivial to design a dynamic enforcement that offers increased permissiveness, handles multiple labels, and does not introduce information leakage due to blocking insecure executions. In this paper, we present a dynamic enforcement mechanism of information flow labels that has all these three attributes. Our mechanism is not purely dynamic, since it uses a light-weight, on-the-fly, static analysis of untaken branches. We prove that the set of all normally terminated and blocked traces of a program, which is executed under our mechanism, satisfies noninterference, against principals that make observations throughout execution. | en_US |
dc.identifier.uri | https://hdl.handle.net/1813/44564 | |
dc.language.iso | en_US | en_US |
dc.rights | Attribution-NonCommercial 4.0 International | * |
dc.rights.uri | https://creativecommons.org/licenses/by-nc/4.0/ | * |
dc.title | Block-safe Information Flow Control | en_US |
Files
Original bundle
1 - 1 of 1