A multi-compositional enforcement on information flow security

Authors:
Cong Sun;Ennan Zhai;Zhong Chen;Jianfeng Ma
Affiliations:
Key Lab. of Computer Networks and Information Security, Xidian Univ., MoE, China and Key Lab. of High Confidence Software Technologies, Peking Univ., MoE, China and Key Lab. of Network and Softwar ...;Institute of Software, Chinese Academy of Sciences;Key Lab. of High Confidence Software Technologies, Peking Univ., MoE, China and Key Lab. of Network and Software Security Assurance;Key Lab. of Computer Networks and Information Security, Xidian Univ., MoE, China
Venue:
ICICS'11 Proceedings of the 13th international conference on Information and communications security
Year:
2011

Citing 15
Cited 0

A sound type system for secure flow analysis

Journal of Computer Security
Eliminating Covert Flows with Minimum Typings

CSFW '97 Proceedings of the 10th IEEE workshop on Computer Security Foundations
Secure Information Flow by Self-Composition

CSFW '04 Proceedings of the 17th IEEE workshop on Computer Security Foundations
Information-Flow Security for Interactive Programs

CSFW '06 Proceedings of the 19th IEEE workshop on Computer Security Foundations
Instruction-level security typing by abstract interpretation

International Journal of Information Security
Improving usability of information flow security in java

Proceedings of the 2007 workshop on Programming languages and analysis for security
Termination-Insensitive Noninterference Leaks More Than Just a Bit

ESORICS '08 Proceedings of the 13th European Symposium on Research in Computer Security: Computer Security
Secure Information Flow by Model Checking Pushdown System

UIC-ATC '09 Proceedings of the 2009 Symposia and Workshops on Ubiquitous, Autonomic and Trusted Computing
Reactive noninterference

Proceedings of the 16th ACM conference on Computer and communications security
Automata-based confidentiality monitoring

ASIAN'06 Proceedings of the 11th Asian computing science conference on Advances in computer science: secure software and related issues
Secure Information Flow in Java via Reachability Analysis of Pushdown System

QSIC '10 Proceedings of the 2010 10th International Conference on Quality Software
Noninterference through Secure Multi-execution

SP '10 Proceedings of the 2010 IEEE Symposium on Security and Privacy
Secure information flow as a safety problem

SAS'05 Proceedings of the 12th international conference on Static Analysis
From coupling relations to mated invariants for checking information flow

ESORICS'06 Proceedings of the 11th European conference on Research in Computer Security
Language-based information-flow security

IEEE Journal on Selected Areas in Communications

Quantified Score

Hi-index	0.00

Visualization

Abstract

Interactive/Reactive computational model is known to be proper abstraction of many pervasively used systems, such as clientside web-based applications. The critical task of information flow control mechanisms aims to determine whether the interactive program can guarantee the confidentiality of secret data. We propose an efficient and flow-sensitive static analysis to enforce information flow policy on program with interactive I/Os. A reachability analysis is performed on the abstract model after a form of transformation, called multi-composition, to check the conformance with the policy. In the multi-composition we develop a store-match pattern to avoid duplicating the I/O channels in the model, and use the principle of secure multi-execution to generalize the security lattice model which is supported by other approaches based on automated verification. We also extend our approach to support a stronger version of termination-insensitive noninterference. The results of preliminary experiments show that our approach is more precise than existing flow-sensitive analysis and the cost of verification is reduced through the store-match pattern.