An Information Flow Approach to Fault-Tolerant Security and Information Erasure

Doktorsavhandling, 2014

Sensitive information is a crucial asset for both individuals and companies. Since it is processed in a largely automated way, it is important that the computational infrastructures are equipped with methods for reasoning about and enforcing security policies. Information flow security has been proposed for this purpose in many contexts. This thesis explores the applicability of information flow security to two novel scenarios. The first part of the thesis reasons about the confidentiality of sensitive data when systems are disrupted by environmental noise. We formalize a family of information flow security properties for this context, and investigate two strategies to enforce them. The strategies differ in their nature (program transformation vs program analysis), in the assumption about the underlying hardware model (the amount of fault-tolerance provided by the system) and in the security property they guarantee. The second part of the thesis focuses on an important but less-studied aspect of security, namely information erasure. We want to make sure that programs dispose of sensitive data when it is no longer necessary. We reason about the problem from two perspectives. On the theoretical side we improve the information flow characterization of erasure by introducing a framework for expressing quantitative and conditional erasure policies. Also, we establish a model for the sensitive data provider, whose behavior determines whether erasure can be successfully performed or not. On the practical side we propose an enforcement mechanism (as a Python library) that allows programmers to enforce erasure policies with minor annotations of existing code.