Prudent Design Principles for Information Flow Control
Paper in proceeding, 2018

Recent years have seen a proliferation of research on information flow control. While the progress has been tremendous, it has also given birth to a bewildering breed of concepts, policies, conditions, and enforcement mechanisms. Thus, when designing information flow controls for a new application domain, the designer is confronted with two basic questions: (i) What is the right security characterization for a new application domain? and (ii) What is the right enforcement mechanism for a new application domain?
This paper puts forward six informal principles for designing information flow security definitions and enforcement mechanisms: attacker-driven security, trust-aware enforcement, separation of policy annotations and code, language-independence, justified abstraction, and permissiveness. We particularly highlight the core principles of attacker-driven security and trust-aware enforcement, giving us a rationale for deliberating over soundness vs. soundiness. The principles contribute to roadmapping the state of the art in information flow security, weeding out inconsistencies from the folklore, and providing a rationale for designing information flow characterizations and enforcement mechanisms for new application domains.

attacker models

information flow control



Iulia Bastys

Chalmers, Computer Science and Engineering (Chalmers), Information Security

Frank Piessens

KU Leuven

Andrei Sabelfeld

Chalmers, Computer Science and Engineering (Chalmers), Information Security

Proceedings of the ACM Conference on Computer and Communications Security

15437221 (ISSN)

978-1-4503-5993-1 (ISBN)

13th Workshop on Programming Languages and Analysis for Security
Toronto, Canada,

Subject Categories

Computer and Information Science





More information

Latest update