Prudent Design Principles for Information Flow Control
Paper in proceedings, 2018

Recent years have seen a proliferation of research on information flow control. While the progress has been tremendous, it has also given birth to a bewildering breed of concepts, policies, conditions, and enforcement mechanisms. Thus, when designing information flow controls for a new application domain, the designer is confronted with two basic questions: (i) What is the right security characterization for a new application domain? and (ii) What is the right enforcement mechanism for a new application domain?
This paper puts forward six informal principles for designing information flow security definitions and enforcement mechanisms: attacker-driven security, trust-aware enforcement, separation of policy annotations and code, language-independence, justified abstraction, and permissiveness. We particularly highlight the core principles of attacker-driven security and trust-aware enforcement, giving us a rationale for deliberating over soundness vs. soundiness. The principles contribute to roadmapping the state of the art in information flow security, weeding out inconsistencies from the folklore, and providing a rationale for designing information flow characterizations and enforcement mechanisms for new application domains.

information flow control

principles

attacker models

Authors

Iulia Bastys

Chalmers, Computer Science and Engineering, Information Security

Frank Piessens

KU Leuven

Andrei Sabelfeld

Chalmers, Computer Science and Engineering, Information Security

Proceedings of the 13th Workshop on Programming Languages and Analysis for Security, PLAS 2018

17-23

13th Workshop on Programming Languages and Analysis for Security
Toronto, Canada

Subject categories

Computer and Information Science

DOI

10.1145/3264820.3264824

More information

Last updated

2019-02-13