Notes on Information Flow Control
Not recorded
Abstract
The goal of information flow control is to enforce IF policies associated with variables in a program. Assume there is a mapping Γ from variables to labels, which represent desired IF policies. The enforcement mechanism should ensure that a program and the accompanying mapping Γ satisfy noninterference. For these notes, we consider the following definition of noninterference for confidentiality: if $M_1 =_L M_2$, then $C(M_1) =_L C(M_2)$.
Similar resources
Flow-sensitive Leakage Analysis in Mobile Ambients
In this paper, we present a refinement of a Control Flow Analysis aimed at studying information flow security in the calculus of Mobile Ambients. The improvements are achieved by making the analysis be flow-sensitive: the analysis is able to keep track of temporal dependencies of capabilities application when computing a safe approximation of the run-time topology of Mobile Ambient processes.
Game Semantics for Access Control
We introduce a semantic approach to the study of logics for access control and dependency analysis, based on Game Semantics. We use a variant of AJM games with explicit justification (but without pointers). Based on this, we give a simple and intuitive model of the information flow constraints underlying access control. This is used to give strikingly simple proofs of non-interference theorems ...
Lecture Notes on Language-Based Security
These lecture notes discuss language-based security, which is the term loosely used for the collection of features and mechanisms that a programming language can provide to help in building secure applications. These features include: memory-safety and typing, as offered by so-called safe programming languages; language mechanisms to enforce various forms of access control (such as sandboxing),...
Behind BANANA: Design and Implementation of a Tool for Nesting Analysis of Mobile Ambients
We present a survey of the work on control-flow analysis carried on by the Venice Team during the Mefisto project. We study security issues, in particular information leakage detection, in the context of the Mobile Ambient calculus. We describe BANANA, a Java-based tool for ambient nesting analysis, by focussing on analysis accuracy and algorithmic optimizations.
A Virtual Machine Based Information Flow Control System for Policy Enforcement
The ability to enforce usage policies attached to data in a fine grained manner requires that the system be able to trace and control the flow of information within it. This paper presents the design and implementation of such an information flow control system, named Trishul, as a Java Virtual Machine. In particular we address the hard problem of tracing implicit information flow, which had no...