353,772 research outputs found
Declassification of Faceted Values in JavaScript
This research addresses the issues with protecting sensitive information at the language level using information flow control mechanisms (IFC). Most of the IFC mechanisms face the challenge of releasing sensitive information in a restricted or limited manner. This research uses faceted values, an IFC mechanism that has shown promising flexibility for downgrading the confidential information in a secure manner, also called declassification.
In this project, we introduce the concept of first-class labels to simplify the declassification of faceted values. To validate the utility of our approach we show how the combination of faceted values and first-class labels can build various declassification mechanisms
The Anatomy and Facets of Dynamic Policies
Information flow policies are often dynamic; the security concerns of a
program will typically change during execution to reflect security-relevant
events. A key challenge is how to best specify, and give proper meaning to,
such dynamic policies. A large number of approaches exist that tackle that
challenge, each yielding some important, but unconnected, insight. In this work
we synthesise existing knowledge on dynamic policies, with an aim to establish
a common terminology, best practices, and frameworks for reasoning about them.
We introduce the concept of facets to illuminate subtleties in the semantics of
policies, and closely examine the anatomy of policies and the expressiveness of
policy specification mechanisms. We further explore the relation between
dynamic policies and the concept of declassification.Comment: Technical Report of publication under the same name in Computer
Security Foundations (CSF) 201
The PER model of abstract non-interference
Abstract. In this paper, we study the relationship between two models of secure information flow: the PER model (which uses equivalence relations) and the abstract non-interference model (which uses upper closure operators). We embed the lattice of equivalence relations into the lattice of closures, re-interpreting abstract non-interference over the lattice of equivalence relations. For narrow abstract non-interference, we show non-interference it is strictly less general. The relational presentation of abstract non-interference leads to a simplified construction of the most concrete harmless attacker. Moreover, the PER model of abstract noninterference allows us to derive unconstrained attacker models, which do not necessarily either observe all public information or ignore all private information. Finally, we show how abstract domain completeness can be used for enforcing the PER model of abstract non-interference
- …