Information Erasure: An Information-Flow Approach to Semantics and Enforcement
Many modern online services require sensitive data to complete their tasks. For this reason, guaranteeing security policies in such services is a major concern. The traditional (and well-studied) aspects of security, namely confidentiality, integrity, and availability of data, capture many but not all desirable policies involving sensitive data. In this thesis we study an important but less-studied aspect of security, namely information erasure: the requirement that a system not only protect a secret while it holds it, but stop holding it once the secret is no longer needed. More specifically, this work presents an information-flow approach to information erasure that addresses both its formal semantics and an enforcement mechanism.
Our results in the formalization of information erasure are twofold. On one hand, we present a novel information-flow framework to express quantitative and conditional erasure policies. The framework is equipped with a knowledge-based notion of erasure policies that takes into account both the semantics of the system enforcing erasure and the observational power of the attacker. On the other hand, we show how to include an explicit model of the user who provides secrets to the system which is to perform erasure. By doing so we are able to provide guarantees for erasure policies as long as the user's behaviour is within certain well-defined bounds.
The thesis also shows a concrete implementation of an enforcement mechanism as a library in Python. The library allows programmers to embed expressive erasure policies, including policies in which arbitrary conditions over resources of the runtime environment determine when erasure is performed, as well as time-based policies. The library supports policy annotations that do not require changes to the runtime system and adapt smoothly to existing applications.
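To make the two policy kinds concrete, here is an added illustrative example, not the thesis's library: a decorator-based scheme in which a secret is held in a mutable buffer, a policy object states when it must be erased (a condition over some runtime resource, or a deadline), and an annotation on any function that handles the secret checks the policy when the function exits. All names (`Erasable`, `ErasurePolicy`, `enforces_erasure`), the card-payment scenario and the fake clock are assumptions made for this example.

```python
import functools
import time
from typing import Callable, Optional

# Hypothetical model of conditional and time-based erasure policies.
# Not the thesis's library; every name below is an assumption for illustration.


class ErasureViolation(Exception):
    """Raised when a secret is read after its erasure policy has fired."""


class ErasurePolicy:
    """Erase when `condition()` holds (a predicate over the runtime environment)
    or once `ttl` seconds have passed since the secret was registered."""

    def __init__(self, condition: Optional[Callable[[], bool]] = None,
                 ttl: Optional[float] = None,
                 clock: Callable[[], float] = time.monotonic) -> None:
        self.condition, self.ttl, self.clock = condition, ttl, clock
        self.registered_at = clock()

    def due(self) -> bool:
        if self.condition is not None and self.condition():
            return True
        return self.ttl is not None and self.clock() - self.registered_at >= self.ttl


class Erasable:
    """A secret kept in a mutable buffer so that erasure overwrites it in place;
    merely dropping the last reference would leave the bytes in memory."""

    def __init__(self, secret: bytes, policy: ErasurePolicy) -> None:
        self._buf = bytearray(secret)
        self.policy = policy
        self.erased = False

    def reveal(self) -> bytes:
        if self.erased:
            raise ErasureViolation("secret has been erased")
        return bytes(self._buf)

    def erase(self) -> None:
        for i in range(len(self._buf)):
            self._buf[i] = 0
        self.erased = True

    def enforce(self) -> bool:
        """Erase if the policy is due. Returns True if erasure happened on this call."""
        if not self.erased and self.policy.due():
            self.erase()
            return True
        return False


def enforces_erasure(fn):
    """Annotation: after the wrapped function returns or raises, every Erasable
    argument has its policy checked. Nothing in the runtime needs to change."""
    @functools.wraps(fn)
    def wrapper(*args, **kwargs):
        try:
            return fn(*args, **kwargs)
        finally:
            for value in (*args, *kwargs.values()):
                if isinstance(value, Erasable):
                    value.enforce()
    return wrapper


# Constructed scenario: a card number that must be erased once payment settles.
payment_settled = {"done": False}


@enforces_erasure
def charge(card: Erasable, amount: int) -> str:
    last4 = card.reveal()[-4:].decode()
    payment_settled["done"] = True   # the runtime condition the policy watches
    return f"charged {amount} to card ending {last4}"


def demo_conditional() -> tuple:
    """Conditional policy: erased as soon as `charge` returns with payment settled."""
    card = Erasable(b"4111111111111111",
                    ErasurePolicy(condition=lambda: payment_settled["done"]))
    receipt = charge(card, 42)
    return receipt, card.erased


def demo_time_based() -> tuple:
    """Time-based policy: a fake clock makes the 60-second deadline deterministic."""
    fake = {"t": 0.0}
    token = Erasable(b"session-token", ErasurePolicy(ttl=60, clock=lambda: fake["t"]))
    before = token.enforce()   # deadline not reached: nothing erased
    fake["t"] = 61.0
    after = token.enforce()    # deadline passed: erased now
    return before, after


if __name__ == "__main__":
    print(demo_conditional())
    print(demo_time_based())
```

Two practical caveats the toy makes visible: erasure is only meaningful for data the program actually controls in place (hence the `bytearray`; copies taken via `reveal()` escape the policy, which is exactly the kind of flow the knowledge-based semantics above has to account for), and a time-based policy needs a trusted clock, since an attacker who controls the clock controls when erasure happens.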
Room EB, ED&IT Building, Rännvägen 6B, Chalmers University of Technology
Opponent: Prof. René Rydhof Hansen, Ph.D., Department of Computer Science, Aalborg University, Denmark