Controlling Dependencies for Security and Privacy
Licentiate thesis, 2011

This thesis explores several ways to diversify the field of Information Flow Control. At the heart of the field lie, on the one hand, policies for describing limitations on information dependencies induced by a program and, on the other hand, mechanisms to enforce such policies. We aim to improve the current state of the art by pointing out areas where current policy definitions and enforcement mechanisms fall short in terms of providing information confidentiality and integrity. We identify that integrity properties often must go beyond simple data dependencies, provide a notion of generalized invariants for describing certain program correctness properties, and show that their enforcement can be incorporated in a standard monitor for Information Flow Control. For confidentiality, we show that termination-insensitive security definitions may not be appropriate when programs can be invoked multiple times by an attacker, and suggest an improvement to type-based enforcement that extends the security definition to the multirun case. Furthermore, we seek overlaps between Information Flow Control and other fields. We explore the application of capability systems to enforce Information Flow Control policies, with positive results. We also study how tracking of data dependencies can be applied to improve the programming model for Differential Privacy, a framework providing strong theoretical guarantees regarding privacy-preserving use of data.

information integrity

information security

dependency analysis

information confidentiality

information flow


Opponent: Sergio Maffeis, Imperial College, London, UK


Arnar Birgisson

Chalmers, Computer Science and Engineering, Software Technology

Unifying Facets of Information Integrity

Lecture Notes in Computer Science, Vol. 6503 (2010), p. 48-65

Paper in proceedings


Information and Communication Technology


Basic Sciences





Technical report L - Department of Computer Science and Engineering, Chalmers University of Technology and Göteborg University

