Poster: towards formal verification of DIFC policies

Authors:
Zhi Yang;Lihua Yin;Miyi Duan;Shuyuan Jin
Affiliations:
Information Engineering University, ZhenZhou, China;Chinese Academy of Sciences, Beijing, China;Chinese Academy of Sciences, Beijing, China;Chinese Academy of Sciences, Beijing, China
Venue:
Proceedings of the 18th ACM conference on Computer and communications security
Year:
2011

Citing 11
Cited 0

Symbolic model checking using SAT procedures instead of BDDs

Proceedings of the 36th annual ACM/IEEE Design Automation Conference
Protecting privacy using the decentralized label model

ACM Transactions on Software Engineering and Methodology (TOSEM)
Computers and Intractability: A Guide to the Theory of NP-Completeness

Computers and Intractability: A Guide to the Theory of NP-Completeness
Robust Declassification

CSFW '01 Proceedings of the 14th IEEE workshop on Computer Security Foundations
Dimensions and Principles of Declassification

CSFW '05 Proceedings of the 18th IEEE workshop on Computer Security Foundations
Labels and event processes in the asbestos operating system

Proceedings of the twentieth ACM symposium on Operating systems principles
Information flow control for standard OS abstractions

Proceedings of twenty-first ACM SIGOPS symposium on Operating systems principles
Making information flow explicit in HiStar

OSDI '06 Proceedings of the 7th symposium on Operating systems design and implementation
EON: modeling and analyzing dynamic access control systems with logic programs

Proceedings of the 15th ACM conference on Computer and communications security
Verifying Information Flow Control over Unbounded Processes

FM '09 Proceedings of the 2nd World Congress on Formal Methods
DIFC programs by automatic instrumentation

Proceedings of the 17th ACM conference on Computer and communications security

Quantified Score

Hi-index	0.00

Visualization

Abstract

Decentralized information flow control (DIFC) is a recent important innovation with flexible mechanisms to improve the availability of traditional information flow models. However, the flexibility of DIFC models also makes specifying and managing DIFC policies a challenging problem. The formal policy verification techniques can improve the current state of the art of policy specification and management. We show that in general these problems of policy verification of the main DIFC systems are NP-hard, and show that several subcases remain NP-complete. We also propose an approach of model checking to solve these problems. Experiments are presented to show that this approach is effective.