An Information Flow Approach to Fault-Tolerant Security and Information Erasure
Doctoral thesis, 2014

Sensitive information is a crucial asset for both individuals and companies. Since it is processed in a largely automated way, it is important that computational infrastructures are equipped with methods for reasoning about and enforcing security policies. Information flow security has been proposed for this purpose in many contexts. This thesis explores the applicability of information flow security to two novel scenarios. The first part of the thesis reasons about the confidentiality of sensitive data when systems are disrupted by environmental noise. We formalize a family of information flow security properties for this context and investigate two strategies to enforce them. The strategies differ in their nature (program transformation vs program analysis), in their assumption about the underlying hardware model (the amount of fault tolerance provided by the system) and in the security property they guarantee. The second part of the thesis focuses on an important but less-studied aspect of security, namely information erasure. We want to make sure that programs dispose of sensitive data when it is no longer needed. We reason about the problem from two perspectives. On the theoretical side we improve the information flow characterization of erasure by introducing a framework for expressing quantitative and conditional erasure policies. We also establish a model for the sensitive data provider, whose behavior determines whether erasure can be performed successfully or not. On the practical side we propose an enforcement mechanism (a Python library) that allows programmers to enforce erasure policies with minimal annotations to existing code.
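The abstract describes an enforcement mechanism for erasure policies as a Python library built on taint analysis, but this page reproduces none of it. The following is an added illustration, not the thesis's library or any code by the author, of what such a policy looks like when enforced at run time: values are wrapped with a taint label, derived values inherit the label, an explicit release step is the only way to obtain an untracked value, and at a declared erasure point any labelled value that is still reachable is reported as a violation. All names (`Tainted`, `erasure_scope`, `process_payment`), the card-number policy and the test card number are assumptions made for this example.

```python
import gc
import weakref
from contextlib import contextmanager
from typing import List, Tuple

# Registry of live tainted values, keyed by the erasure label they carry.
# WeakSet entries vanish as soon as the interpreter frees the object, so a
# non-empty set at an erasure point means the data is still reachable.
_REGISTRY = {}  # label -> weakref.WeakSet of Tainted objects


class ErasureViolation(Exception):
    """Raised when data under an erasure policy survives its erasure point."""


class Tainted:
    """A value carrying a taint label that names the erasure policy it is under.

    Taint propagates through `map`; the only way to obtain an untracked value
    is an explicit `release`, which the programmer must justify (here: only the
    last four digits of a card number may outlive the session).
    """

    def __init__(self, value, label: str):
        self.value = value
        self.label = label
        _REGISTRY.setdefault(label, weakref.WeakSet()).add(self)

    def map(self, fn) -> "Tainted":
        """Apply fn to the payload; the result is tainted with the same label."""
        return Tainted(fn(self.value), self.label)

    def release(self):
        """Deliberately drop tracking and hand back the raw value."""
        return self.value

    def __repr__(self) -> str:
        # Never echo the payload: an accidental repr() in a log is itself a leak.
        return f"Tainted(label={self.label!r})"


@contextmanager
def erasure_scope(label: str):
    """Everything tainted with `label` must be unreachable when the scope ends."""
    try:
        yield
    finally:
        gc.collect()  # break reference cycles so only truly reachable values remain
        survivors = len(_REGISTRY.get(label, ()))
        if survivors:
            raise ErasureViolation(
                f"{survivors} value(s) labelled {label!r} survived the erasure point"
            )


# Constructed stand-in for a long-lived sink the programmer forgot about.
_AUDIT_LOG: list = []


def process_payment(leak_to_log: bool) -> Tuple[str, List[str]]:
    """Handle one card payment under the policy "the card number is erased at session end".

    Returns the receipt text and the list of erasure violations detected
    (empty when the policy held). `leak_to_log=True` simulates the bug.
    """
    violations: List[str] = []
    receipt = ""
    try:
        with erasure_scope("card-number"):
            card = Tainted("4111111111111111", "card-number")  # constructed test number
            # The policy allows the last four digits to persist on the receipt,
            # so that derived value is explicitly released from tracking.
            last4 = card.map(lambda pan: pan[-4:]).release()
            receipt = f"paid with card ending in {last4}"
            if leak_to_log:
                _AUDIT_LOG.append(card)  # the full number escapes into a sink
            del card  # the programmer's erasure step for the local reference
    except ErasureViolation as exc:
        violations.append(str(exc))
        _AUDIT_LOG.clear()  # constructed cleanup so later sessions start clean
    return receipt, violations
```

This tracks reachability of the wrapper object, which is a proxy for erasure rather than erasure itself: copies of the underlying string (interned literals, slices kept by other code, freed-but-unzeroed heap memory) are outside its view, which is why the thesis treats the problem at the level of information flow rather than object lifetime.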

Fault Tolerance

Information Erasure

Information flow security

Room EA, ED&IT building, Rännvägen 6B, Chalmers University of Technology
Opponent: Prof. Geoffrey Smith, Florida International University, Miami, Florida, USA

Author

Filippo Del Tedesco

Chalmers, Computer Science and Engineering, Software Engineering

Implementing Erasure Policies Using Taint Analysis

Lecture Notes in Computer Science, Vol. 7127 (2010), pp. 193-209

Paper in proceedings

A user model for information erasure

Proceedings of the 7th International Workshop on Security Issues in Concurrency, Bologna, Italy, 5 September 2009, EPTCS Vol. 7 (2009)

Paper in proceedings

A Semantic Hierarchy for Erasure Policies

Lecture Notes in Computer Science, Vol. 7093 (2011), pp. 352-369

Paper in proceedings

Areas of Advance

Information and Communication Technology

Subject Categories

Computer Science

ISBN

978-91-7385-981-3

Doctoral theses at Chalmers University of Technology. New series: 3662


More information

Created

2017-10-08