Quantitative Robust Declassification
نویسندگان
چکیده
The previous declassification policies focus on qualitative analysis of security properties along different dimensions, lacking quantitative analysis of them. As a step in this direction, we relax restrictiveness of robustness of declassification from the quantitative aspect, and propose a definition of robustness rate of declassification, based on Shannon’s measure method of information lattice. We show our definition is equivalent to robust declassification when the value of robustness rate is equal to 1. Moreover, we make a theoretical and experimental analysis of robust rate about the laundering attack on average salary, respectively. The experimental results are consistent with the theoretical results completely.
منابع مشابه
A Type System for Robust Declassification
Language-based approaches to information security have led to the development of security type systems that permit the programmer to describe confidentiality policies on data. Security type systems are usually intended to enforce noninterference, a property that requires that high-security information not affect low-security computation. However, in practice, noninterference is often too restri...
متن کاملRobust Declassification
Security properties based on information flow, such as noninterference, provide strong guarantees that confidentiality is maintained. However, programs often need to leak some amount of confidential information in order to serve their intended purpose, and thus violate noninterference. Real systems that control information flow often include mechanisms for downgrading or declassifying informati...
متن کاملNonmalleable Information Flow: Technical Report
Noninterference is a popular semantic security condition because it offers strong end-to-end guarantees, it is inherently compositional, and it can be enforced using a simple security type system. Unfortunately, it is too restrictive for real systems. Mechanisms for downgrading information are needed to capture real-world security requirements, but downgrading eliminates the strong compositiona...
متن کاملA Semantic Framework for Declassification and Endorsement
Language-based information flow methods offer a principled way to enforce strong security properties, but enforcing noninterference is too inflexible for realistic applications. Security-typed languages have therefore introduced declassification mechanisms for relaxing confidentiality policies, and endorsement mechanisms for relaxing integrity policies. However, a continuing challenge has been ...
متن کاملEnforcing Robust Declassification and Qualified Robustness
Noninterference requires that there is no information flow from sensitive to public data in a given system. However, many systems release sensitive information as part of their intended function and therefore violate noninterference. To control information flow while permitting information release, some systems have a downgrading or declassification mechanism, but this creates the danger that i...
متن کاملذخیره در منابع من
با ذخیره ی این منبع در منابع من، دسترسی به آن را برای استفاده های بعدی آسان تر کنید
عنوان ژورنال:
دوره شماره
صفحات -
تاریخ انتشار 2014