a multi-compositional enforcement on information flow security
文献类型:会议论文
| 作者 | Sun Cong ; Zhai Ennan ; Chen Zhong ; Ma Jianfeng |
| 出版日期 | 2011 |
| 会议名称 | 13th International Conference on Information and Communications Security, ICICS 2011 |
| 会议日期 | November 2 |
| 会议地点 | Beijing, China |
| 关键词 | Abstracting Flow control Public policy Static analysis |
| 页码 | 345-359 |
| 中文摘要 | Interactive/Reactive computational model is known to be proper abstraction of many pervasively used systems, such as client-side web-based applications. The critical task of information flow control mechanisms aims to determine whether the interactive program can guarantee the confidentiality of secret data. We propose an efficient and flow-sensitive static analysis to enforce information flow policy on program with interactive I/Os. A reachability analysis is performed on the abstract model after a form of transformation, called multi-composition, to check the conformance with the policy. In the multi-composition we develop a store-match pattern to avoid duplicating the I/O channels in the model, and use the principle of secure multi-execution to generalize the security lattice model which is supported by other approaches based on automated verification. We also extend our approach to support a stronger version of termination-insensitive noninterference. The results of preliminary experiments show that our approach is more precise than existing flow-sensitive analysis and the cost of verification is reduced through the store-match pattern. © 2011 Springer-Verlag. |
| 英文摘要 | Interactive/Reactive computational model is known to be proper abstraction of many pervasively used systems, such as client-side web-based applications. The critical task of information flow control mechanisms aims to determine whether the interactive program can guarantee the confidentiality of secret data. We propose an efficient and flow-sensitive static analysis to enforce information flow policy on program with interactive I/Os. A reachability analysis is performed on the abstract model after a form of transformation, called multi-composition, to check the conformance with the policy. In the multi-composition we develop a store-match pattern to avoid duplicating the I/O channels in the model, and use the principle of secure multi-execution to generalize the security lattice model which is supported by other approaches based on automated verification. We also extend our approach to support a stronger version of termination-insensitive noninterference. The results of preliminary experiments show that our approach is more precise than existing flow-sensitive analysis and the cost of verification is reduced through the store-match pattern. © 2011 Springer-Verlag. |
| 收录类别 | EI |
| 会议主办者 | National Natural Science Foundation of China (NNSFC); The Microsoft Corporation; Beijing Tip Technology Corporation; Trusted Computing Group (TCG) |
| 会议录 | Lecture Notes in Computer Science (including subseries Lecture Notes in Artificial Intelligence and Lecture Notes in Bioinformatics)
 |
| 语种 | 英语 |
| ISSN号 | 0302-9743 |
| ISBN号 | 9783642252426 |
| 源URL | [http://ir.iscas.ac.cn/handle/311060/16226]  |
| 专题 | 软件研究所_软件所图书馆_会议论文 |
| 推荐引用方式 GB/T 7714 | Sun Cong,Zhai Ennan,Chen Zhong,et al. a multi-compositional enforcement on information flow security[C]. 见:13th International Conference on Information and Communications Security, ICICS 2011. Beijing, China. November 2. |
入库方式: OAI收割
来源:软件研究所
浏览0
下载0
收藏0
其他版本
除非特别说明,本系统中所有内容都受版权保护,并保留所有权利。