eCommons

 

Block-safe Information Flow Control

dc.contributor.authorKozyri, Elisavet
dc.contributor.authorDesharnais, Josée
dc.contributor.authorTawbi, Nadia
dc.date.accessioned2016-08-09T18:09:08Z
dc.date.available2016-08-09T18:09:08Z
dc.date.issued2016-08-09
dc.description.abstractFlow-sensitive dynamic enforcement mechanisms for information flow labels offer increased permissiveness. However, these mechanisms may leak sensitive information when deciding to block insecure executions. When enforcing two labels (e.g., secret and public), sensitive information is leaked from the context in which this decision is taken. When enforcing arbitrary labels, additional sensitive information is leaked from the labels involved in the decision to block an execution. We give examples where, contrary to a common belief, a mechanism designed to enforce two labels may not be able to enforce arbitrary labels, due to this additional leakage. In fact, it is not trivial to design a dynamic enforcement that offers increased permissiveness, handles multiple labels, and does not introduce information leakage due to blocking insecure executions. In this paper, we present a dynamic enforcement mechanism of information flow labels that has all these three attributes. Our mechanism is not purely dynamic, since it uses a light-weight, on-the-fly, static analysis of untaken branches. We prove that the set of all normally terminated and blocked traces of a program, which is executed under our mechanism, satisfies noninterference, against principals that make observations throughout execution.en_US
dc.identifier.urihttps://hdl.handle.net/1813/44564
dc.language.isoen_USen_US
dc.rightsAttribution-NonCommercial 4.0 International*
dc.rights.urihttps://creativecommons.org/licenses/by-nc/4.0/*
dc.titleBlock-safe Information Flow Controlen_US

Files

Original bundle
Now showing 1 - 1 of 1
Loading...
Thumbnail Image
Name:
paper.pdf
Size:
504.58 KB
Format:
Adobe Portable Document Format
Description: