Controlling Dependencies for Security and Privacy
Licentiate thesis, 2011

This thesis explores several ways to diversify the field of Information Flow Control. At the heart of the field lie, on the one hand, policies for describing limitations on the information dependencies induced by a program and, on the other hand, mechanisms to enforce such policies. We aim to improve the current state of the art by pointing out areas where current policy definitions and enforcement mechanisms fall short in providing information confidentiality and integrity. We identify that integrity properties often must go beyond simple data dependencies, provide a notion of generalized invariants for describing certain program correctness properties, and show that their enforcement can be incorporated in a standard monitor for Information Flow Control. For confidentiality, we show that termination-insensitive security definitions may not be appropriate when programs can be invoked multiple times by an attacker, and suggest an improvement to type-based enforcement that extends the security definition to the multi-run case. Furthermore, we seek overlaps between Information Flow Control and other fields. We explore the application of capability systems to enforce Information Flow Control policies, with positive results. We also study how tracking of data dependencies can be applied to improve the programming model for Differential Privacy, a framework providing strong theoretical guarantees regarding privacy-preserving use of data.

information integrity

information security

dependency analysis

information confidentiality

information flow

privacy

Room EC, EDIT building
Opponent: Sergio Maffeis, Imperial College, London, UK

Author

Arnar Birgisson

Chalmers, Computer Science and Engineering, Software Engineering

Unifying Facets of Information Integrity

Lecture Notes in Computer Science, Vol. 6503 (2010), pp. 48-65

Paper in proceedings

Areas of Advance

Information and Communication Technology

Foundations

Basic Sciences

Subject Categories

Software Engineering

ISSN

1652-876X

Technical report L - Department of Computer Science and Engineering, Chalmers University of Technology and Göteborg University