Protecting Information under Dynamic Policies: Specification, Conditions and Enforcement
Doctoral thesis, 2016

Information-flow control enforces security policies on the information handled by computer applications. These policies often contain dynamic aspects, specifying how the confidentiality and integrity of information change over time. This thesis focuses on the enforcement of such dynamic policies. The contributions are divided into three parts. Firstly, we need a means to specify our dynamic concerns in a manner that can be understood by a computer. The thesis builds on the Paralocks language as a suitable specification mechanism for such dynamic policies. Secondly, having specified a dynamic policy, we require an understanding of what it means for a program to comply with that policy. The thesis identifies and addresses several of the challenges that the dynamic nature of policies introduces. Finally, given a policy specification and a definition of policy compliance, we explore how we can mechanically verify this compliance on programs. The thesis discusses two approaches: one static, using a type system, and one dynamic, using a run-time monitor.

dynamic policies

datalog

information flow control

enforcement

security condition

Hörsalsvägen 14, HC 2
Opponent: Associate Professor Stephen Chong

Author

Bart van Delft

Chalmers, Computer Science and Engineering (Chalmers), Software Technology (Chalmers)

Dynamic Enforcement of Dynamic Policies

PLAS 2015 (2015), p. 28-41

Paper in proceeding

Paragon for Practical Programming with Information-Flow Control

Lecture Notes in Computer Science (including subseries Lecture Notes in Artificial Intelligence and Lecture Notes in Bioinformatics), Vol. 8301 (2013), p. 217-232

Paper in proceeding

Very static enforcement of dynamic policies

Lecture Notes in Computer Science (including subseries Lecture Notes in Artificial Intelligence and Lecture Notes in Bioinformatics), Vol. 9036 (2015), p. 32-52

Paper in proceeding

A Datalog Semantics for Paralocks

Lecture Notes in Computer Science (including subseries Lecture Notes in Artificial Intelligence and Lecture Notes in Bioinformatics), Vol. 7783 (2013), p. 305-320

Paper in proceeding

The Anatomy and Facets of Dynamic Policies

28th IEEE Computer Security Foundations Symposium (CSF), July 13-17, 2015, Verona, Italy (2015), p. 122-136

Paper in proceeding

Today, most of our valuable information is digital and processed by computer applications: cloud services store our pictures, apps on our smartphones update our contact lists, and web browsers access our bank accounts. Unfortunately, the security controls on this digital information are often more limited than we would like. If we want to allow our web browser to access our bank account and post on social networks, we can't prevent the browser from publishing our account's balance on Facebook. Information flow researchers have introduced various techniques that provide more fine-grained control on our digital data. This allows us to specify and enforce how we allow an application to process the information it has access to. In most existing work, we can only specify a single, non-changing security policy on our information. In practice, however, we regularly change what information flows we do and do not want to allow. For example, we only want to share our pictures with social network contacts that are currently marked as friends. Or a company may only want to share its strategic plan with those employees who currently have a manager position. In this thesis we introduce support for such dynamic policies on our digital information. We discuss ways to specify these policies so that a computer can understand, update, and automatically enforce our security concerns.

Areas of Advance

Information and Communication Technology

Subject Categories

Computer and Information Science

ISBN

978-91-7597-321-0

Doktorsavhandlingar vid Chalmers tekniska högskola. Ny serie

Publisher

Chalmers

More information

Latest update

3/9/2020 1