Improving the semantics of imperfect security
Paper in proceedings, 2009

Information flow policies that evolve over time (including, for example, declassification) are widely recognised as an essential ingredient in useable information flow control system. In previous work ([BS06a, BS06b]) we have shown one approach to such policies, flow locks, which is a very general and flexible system capable of encoding many other proposed approaches. However, any such policy approach is only useful if we have a precise specification - a semantic model - of what we are trying to enforce. A semantic model gives us insight into what a policy actually guarantees, and defines the precise goals of any enforcement mechanism. Unfortunately, semantic models of declassification can be both inaccurate and difficult to understand. This was definitely the case for the flow locks system as presented in [BS06a, BS06b], and we have found that the main problem is one common to most proposed models to date. We will start by discussing the problem in general, and then go on to sketch its solution for the flow locks system specifically.

Author

Niklas Broberg

Chalmers, Computer Science and Engineering (Chalmers), Software Engineering and Technology (Chalmers)

David Sands

Chalmers, Computer Science and Engineering (Chalmers), Software Engineering and Technology (Chalmers)

Lecture Notes in Computer Science

0302-9743 (ISSN)

Vol. 5511 LNCS 88-91

Subject Categories

Computer and Information Science

DOI

10.1007/978-3-642-03459-6_6

ISBN

978-364203458-9

More information

Created

12/1/2017