A Better Facet of Dynamic Information Flow Control
Paper in proceeding, 2018

Multiple Facets (MF) is a dynamic enforcement mechanism which has proved to be a good fit for implementing information flow security for JavaScript. It relies on multi executing the program, once per each security level or view, to achieve soundness. By looking inside programs, MF encodes the views to reduce the number of needed multi-executions. In this work, we extend Multiple Facets in three directions. First, we propose a new version of MF for arbitrary lattices, called Generalised Multiple Facets, or GMF. GMF strictly generalizes MF, which was originally proposed for a specific lattice of principals. Second, we propose a new optimization on top of GMF that further reduces the number of executions. Third, we strengthen the security guarantees provided by Multiple Facets by proposing a termination sensitive version that eliminates covert channels due to termination.

secure multi-execution

noninterference

multiple facets

dynamic information flow control

Author

Minh Ngo

Institut National de Recherche en Informatique et en Automatique (INRIA)

Nataliia Bielova

Institut National de Recherche en Informatique et en Automatique (INRIA)

Cormac Flanagan

UCSC

T. Rezk

Institut National de Recherche en Informatique et en Automatique (INRIA)

Alejandro Russo

Chalmers, Computer Science and Engineering (Chalmers), Information Security

Thomas Schmitz

UCSC

The Web Conference 2018 - Companion of the World Wide Web Conference, WWW 2018

731-739

27th International World Wide Web, WWW 2018
Lyon, France,

Subject Categories

Embedded Systems

Computer Science

Computer Systems

DOI

10.1145/3184558.3185979

More information

Latest update

7/8/2020 8