35 research outputs found

    Security via Noninterference: Analyzing Information Flows

    Nowadays, the security of information systems is of crucial importance. The large number of security vulnerabilities detected in many systems indicates that new methods for developing secure systems are necessary, and these require an appropriate formal foundation. A widely used approach revolves around the notions of noninterference and information flow, which make it possible to express and analyze the absence of illegal information flows and covert channels. In this thesis, the framework of noninterference for state-based asynchronous systems is extended and enriched with new techniques in order to gain a deeper understanding and a broader applicability. As a result, a formal foundation for developing secure systems is obtained. First, new results for the notion of intransitive noninterference are obtained. In particular, a complete characterization by unwinding relations is what makes the development of a polynomial-time verification algorithm possible in the first place. Second, the previous noninterference definitions are extended with support for policies that change during execution. To capture all resulting security requirements, a new theory of so-called dynamic noninterference is developed and compared to previous approaches. The applicability of this framework is demonstrated by several examples and a complex case study of a distributed dynamic access control system. Third, algorithmic problems are examined, in particular the decidability and complexity of the analyzed security definitions. New undecidability results for some of the existing security definitions are obtained, and new efficient algorithms are established for verifying both the previously existing notions of noninterference and the ones developed in this thesis.

    Delimited Persistent Stochastic Non-Interference

    Non-Interference is an information flow security property which aims to protect confidential data by ensuring the complete absence of any information flow from high-level entities to low-level ones. However, this requirement is too demanding when dealing with real applications: indeed, no real policy ever guarantees a total absence of information flow. In order to deal with real applications, it is often necessary to allow mechanisms for downgrading or declassifying information, such as information filters and channel control. In this paper we generalize the notion of Persistent Stochastic Non-Interference (PSNI) in order to allow information to flow from a higher to a lower security level through a downgrader. We introduce the notion of Delimited Persistent Stochastic Non-Interference (D_PSNI) and provide two characterizations of it, one expressed in terms of bisimulation-like equivalence checks and another formulated through unwinding conditions. Then we prove some compositionality properties. Finally, we present a decision algorithm and discuss its complexity.

    Security for Cloud Environment through Information Flow Properties Formalization with a First-Order Temporal Logic

    The main slowdown of Cloud adoption comes from the lack of reliable security. The on-demand security concept aims at delivering and enforcing the client's security requirements. In this paper, we present an approach, Information Flow Past Linear Time Logic (IF-PLTL), to specify how a system can support a large range of security properties. We present in this paper how to control those information flows from low-level system events. We give complete details of the IF-PLTL syntax and semantics. Furthermore, that logic makes it possible to formalize a large set of security policies. Our approach is exemplified with the Chinese Wall commercial-related policy. Finally, we discuss the extension of IF-PLTL with dynamic relabeling to encompass more realistic situations through the dynamic domain isolation policy.

    The main cause of the slowdown in Cloud adoption is the lack of reliable security. The concept of on-demand security is to deploy and enforce a client's security requirements. In this paper, we present an approach, Information Flow Past Linear Time Logic (IF-PLTL), which makes it possible to specify how a system can support a large set of security properties. We present in this paper how these information flows can be controlled using low-level system events. We give a complete description of the syntax of IF-PLTL as well as its semantics. Moreover, this logic makes it possible to formalize a large set of security policies. Our approach is illustrated with the Chinese Wall security policy, oriented towards the commercial world. Finally, we show how we extended our language to support dynamic relabeling, which allows the inherent dynamicity of systems to be supported. We illustrate this extension by formalizing a security property for the dynamic isolation of domains.