PrinSec: Principled Security for Emerging Application Domains
Research Project, 2019–2022

Recent years have seen a proliferation of research on information flow control. While the progress has been tremendous, it has also given birth to a bewildering breed of concepts, policies, conditions, and enforcement mechanisms. Thus, when designing information flow controls for a new application domain, the designer is confronted with two basic questions: (i) What is the right security characterization for the new application domain? and (ii) What is the right enforcement mechanism for the new application domain?

The project aims to develop a principled, semantic framework for designing information flow characterizations and enforcement mechanisms. The framework will enable us to map out security definitions and enforcement mechanisms, weed out inconsistencies from the folklore, and provide a well-grounded rationale for designing information flow policies and mechanisms for new application domains. We propose six principles to underlie our framework: attacker-driven security, trust-aware security enforcement, separation of policy annotations and code, language independence, justified abstraction, and permissiveness. We will integrate the framework with OS-based mechanisms to make it suitable for deployment in resource-aware environments. Finally, the project will leverage the framework for modeling and enforcing security in the popular emerging domains of IoT and in-car apps.

Participants

Andrei Sabelfeld (contact)

Professor at Chalmers, Computer Science and Engineering (Chalmers), Information Security

Funding

Swedish Research Council (VR)

Funding Chalmers participation during 2019–2022

Related Areas of Advance and Infrastructure

Information and Communication Technology (Areas of Advance)

Basic sciences (Roots)

Latest update

2019-03-21