Recent years have seen a proliferation of research on information flow control. While the progress has been tremendous, it has also given birth to a bewildering breed of concepts, policies, conditions, and enforcement mechanisms. Thus, when designing information flow controls for a new application domain, the designer is confronted with two basic questions: (i) What is the right security characterization for a new application domain? and (ii) What is the right enforcement for a new application domain?

The project aims to develop a principled, semantic framework for designing information flow characterizations and enforcement mechanisms. The framework will enable us to roadmap security definitions and enforcement mechanisms, weed out inconsistencies from the folklore, and provide a well-grounded rationale for designing information flow policies and mechanisms for new application domains. We propose six principles to underlie our framework: attacker-driven security, trust-aware security enforcement, separation of policy annotations and code, language-independence, justified abstraction, and permissiveness. We will integrate the framework with OS-based mechanisms to make it suitable for deployment in resource-aware environments. Finally, the project will leverage the framework for modeling and enforcing security for the popular emerging domains of IoT and in-car apps.
Full Professor at Chalmers, Computer Science and Engineering (Chalmers), Information Security
Visiting Researcher at Chalmers, Computer Science and Engineering (Chalmers), Networks and Systems (Chalmers)
Funding Chalmers participation during 2019–2022