Flexible Information-Flow Control
Doktorsavhandling, 2018
As more and more sensitive data is handled by software, its trustworthiness
becomes an increasingly important concern. This thesis presents work on ensuring
that information processed by computing systems is not disclosed to third
parties without the user's permission; i.e. to prevent unwanted flows of
information. While this problem is widely studied, proposed rigorous
information-flow control approaches that enforce strong security
properties like noninterference have yet to see widespread practical use.
Conversely, lightweight techniques such as taint tracking are more prevalent in
practice, but lack formal underpinnings, making it unclear what guarantees they
provide.
This thesis aims to shrink the gap between heavyweight information-flow control
approaches that have been proven sound and lightweight practical techniques
without formal guarantees such as taint tracking. This thesis attempts to
reconcile these areas by (a) providing formal foundations to taint tracking
approaches, (b) extending information-flow control techniques to more realistic
languages and settings, and (c) exploring security policies and mechanisms that
fall in between information-flow control and taint tracking and investigating what
trade-offs they incur.
becomes an increasingly important concern. This thesis presents work on ensuring
that information processed by computing systems is not disclosed to third
parties without the user's permission; i.e. to prevent unwanted flows of
information. While this problem is widely studied, proposed rigorous
information-flow control approaches that enforce strong security
properties like noninterference have yet to see widespread practical use.
Conversely, lightweight techniques such as taint tracking are more prevalent in
practice, but lack formal underpinnings, making it unclear what guarantees they
provide.
This thesis aims to shrink the gap between heavyweight information-flow control
approaches that have been proven sound and lightweight practical techniques
without formal guarantees such as taint tracking. This thesis attempts to
reconcile these areas by (a) providing formal foundations to taint tracking
approaches, (b) extending information-flow control techniques to more realistic
languages and settings, and (c) exploring security policies and mechanisms that
fall in between information-flow control and taint tracking and investigating what
trade-offs they incur.
software security
information-flow control
program verification
language-based security
ED, EDIT building, Rännvägen 6, Chalmers
Opponent: Alexander Pretschner, Technical University Munich, Germany
Författare
Daniel Schoepe
Chalmers, Data- och informationsteknik, Informationssäkerhet
Explicit Secrecy: A Policy for Taint Tracking
1st IEEE European Symposium on Security and Privacy (Euro S&P), Saarbruecken, Germany, Mar 21-24, 2016,; (2016)p. 15-30
Paper i proceeding
Let’s face it: Faceted values for taint tracking
Lecture Notes in Computer Science (including subseries Lecture Notes in Artificial Intelligence and Lecture Notes in Bioinformatics),; Vol. 9878 LNCS, 2016(2016)p. 561-580
Paper i proceeding
Daniel Schoepe, Toby Murray, Andrei Sabelfeld - Veronica: Verified Concurrent Information-Flow Control Unleashed
JSLINQ: Building secure applications across tiers
6th ACM Conference on Data and Application Security and Privacy, CODASPY 2016; New Orleans; United States; 9 March 2016 through 11 March 2016,; (2016)p. 307-318
Paper i proceeding
Marco Guarnieri, Daniel Schoepe, Musard Balliu, David Basin, Andrei Sabelfeld - Information-Flow Control for Database-Backed Applications
Understanding and Enforcing Opacity
28th IEEE Computer Security Foundations Symposium, CSF 2015, Verona, Italy, 13 July-17 July,; Vol. 2015-September(2015)p. 539-553
Paper i proceeding
We are family: Relating information-flow trackers
Lecture Notes in Computer Science (including subseries Lecture Notes in Artificial Intelligence and Lecture Notes in Bioinformatics),; Vol. 10492 LNCS(2017)p. 124-145
Paper i proceeding
Cristian-Alexandru Staicu, Daniel Schoepe, Musard Balliu, Michael Pradel, Andrei Sabelfeld - An Empirical Study of Information Flows in Real-World JavaScript
How can we make sure your phone does not leak your secrets?
Software plays an increasingly important role in society and few areas of modern
life are unaffected by code: It influences how we communicate with others, how
we consume news, what we read, and how we access and share information, and even
how we elect our officials, among many other aspects. As a result, software has
access to more and more sensitive information about us, and how that information
is handled is becoming more and more crucial. If private information is leaked,
it may affect our finances, our relationships, and even our democracy. For
journalists and dissidents, even their lives sometimes depend on software
keeping their secrets safe.
However, even for experts, it is very hard to find out if an application will
properly protect sensitive data it has access to. This thesis explores ways to
ensure information is not leaked by applying mathematical reasoning to the code
running on our devices. For example, when installing an Android application, a
user can either allow or deny the application to access private information, but
after access has been granted, the user does not know if the application will
then send this information out over the internet. Using mathematical reasoning
to analyze software, we can control how an application accesses information and
make sure it is not leaked.
Software plays an increasingly important role in society and few areas of modern
life are unaffected by code: It influences how we communicate with others, how
we consume news, what we read, and how we access and share information, and even
how we elect our officials, among many other aspects. As a result, software has
access to more and more sensitive information about us, and how that information
is handled is becoming more and more crucial. If private information is leaked,
it may affect our finances, our relationships, and even our democracy. For
journalists and dissidents, even their lives sometimes depend on software
keeping their secrets safe.
However, even for experts, it is very hard to find out if an application will
properly protect sensitive data it has access to. This thesis explores ways to
ensure information is not leaked by applying mathematical reasoning to the code
running on our devices. For example, when installing an Android application, a
user can either allow or deny the application to access private information, but
after access has been granted, the user does not know if the application will
then send this information out over the internet. Using mathematical reasoning
to analyze software, we can control how an application accesses information and
make sure it is not leaked.
Programming Language-Based Security To Rescue (PROSECUTOR)
Europeiska kommissionen (EU) (EC/FP7/307544), 2013-01-01 -- 2017-12-31.
AppFlow
Vetenskapsrådet (VR) (2014-6222), 2015-01-01 -- 2018-12-31.
Ämneskategorier
Datavetenskap (datalogi)
ISBN
978-91-7597-832-1
Doktorsavhandlingar vid Chalmers tekniska högskola. Ny serie: 4513
Utgivare
Chalmers
ED, EDIT building, Rännvägen 6, Chalmers
Opponent: Alexander Pretschner, Technical University Munich, Germany