A model of information flow control to determine whether malfunctions cause the privacy invasion

Authors:
David Evans;David M. Eyers;Jean Bacon
Affiliations:
University of Cambridge, Cambridge, UK;University of Otago, Dunedin, New Zealand;University of Cambridge, Cambridge, UK
Venue:
Proceedings of the First Workshop on Measurement, Privacy, and Mobility
Year:
2012

Citing 8
Cited 1

Protecting privacy using the decentralized label model

ACM Transactions on Software Engineering and Methodology (TOSEM)
Labels and event processes in the asbestos operating system

Proceedings of the twentieth ACM symposium on Operating systems principles
Information flow control for standard OS abstractions

Proceedings of twenty-first ACM SIGOPS symposium on Operating systems principles
Making information flow explicit in HiStar

OSDI '06 Proceedings of the 7th symposium on Operating systems design and implementation
SIF: enforcing confidentiality and integrity in web applications

SS'07 Proceedings of 16th USENIX Security Symposium on USENIX Security Symposium
Fabric: a platform for secure distributed computation and storage

Proceedings of the ACM SIGOPS 22nd symposium on Operating systems principles
Information Flow Control for Static Enforcement of User-Defined Privacy Policies

POLICY '11 Proceedings of the 2011 IEEE International Symposium on Policies for Distributed Systems and Networks
SafeWeb: a middleware for securing ruby-based web applications

Middleware'11 Proceedings of the 12th ACM/IFIP/USENIX international conference on Middleware

Melding security metadata between software and hardware

Proceedings of the Posters and Demo Track

Quantified Score

Hi-index	0.00

Visualization

Abstract

Privacy is difficult to assure in complex systems that collect, process, and store data about individuals. The problem is particularly acute when data arise from sensing physical phenomena as individuals are unlikely to realise that actions such as walking past a building generate privacy-sensitive data. Information Flow Control (IFC) is a mature technique for managing security and privacy concerns in large distributed systems. This paper describes (i) how the meta-data required by IFC, in the form of tags, can reflect the physical properties of sensors; and (ii) how the formal expression of the IFC this allows can be used to, statically, determine the proportion of the system that handles private data and how this changes in the face of software or human malfunctions.