Towards Formal Security Analysis of Decentralized Information Flow Control Policies

Authors

  • Zhi Yang
  • Lihua Yin
  • Shuyuan Jin
  • MiYi Duan
  • M. DUAN
Abstract

Decentralized information flow control (DIFC) is a key innovation over traditional information flow control (IFC). Compared with IFC, DIFC provides new features including decentralized declassification, taint tracking, and privilege transfer. These characteristics also make DIFC able to achieve more fine-grained security goals. However, the flexibility of DIFC also presents challenges to its policy verification that existing approaches have not been able to solve effectively. This paper formalizes the DIFC policy verification problem and uses Computational Tree Logic formulae to express fine-grained security goals. This paper also proves that the DIFC policy verification problem is NP-complete, and discusses the main factors responsible for its high computational complexity. Further, a model checking approach is proposed to realize DIFC policy verification. Experimental results show that the proposed approach is effective.


Similar sources

CAMAC: a context-aware mandatory access control model

Mandatory access control models have traditionally been employed as a robust security mechanism in multilevel security environments such as military domains. In traditional mandatory models, the security classes associated with entities are context-insensitive. However, context-sensitivity of security classes and flexibility of access control mechanisms may be required especially in pervasive c...


Complete, Safe Information Flow with Decentralized Labels

The growing use of mobile code in downloaded applications and servlets has increased interest in robust mechanisms for ensuring privacy and secrecy. Information flow control is intended to directly address privacy and secrecy concerns, but most information flow models are too restrictive to be widely used. The decentralized label model is a new information flow model that extends traditional mo...


Multilevel Security and Information Flow in Petri Net Workflows

In information systems — especially with the growing importance of electronic commerce — the modeling and analysis of business processes has raised interest over the last years. If combined with security issues, a formal model of a process can be used to analyze the system according to specific policies. This paper presents a Petri net model for business processes that combines information and ...


Towards an Integrated Formal Analysis for Security and Trust

We aim at defining an integrated framework for the specification and (automated) analysis for security and trust in complex and dynamic scenarios. In particular, we show how the same machinery used for the formal verification of security protocols may be used to analyze access control policies based on trust management.


A model for specification, composition and verification of access control policies and its application to web services

Despite significant advances in the access control domain, requirements of new computational environments like web services still raise new challenges. Lack of appropriate method for specification of access control policies (ACPs), composition, verification and analysis of them have all made the access control in the composition of web services a complicated problem. In this paper, a new indepe...



Publication date: 2012