Tracking Information Flow via Delayed Output: Addressing Privacy in IoT and Emailing Apps
Paper i proceeding, 2018

This paper focuses on tracking information flow in the presence of delayed output. We motivate the need to address delayed output in the domains of IoT apps and email marketing. We discuss the threat of privacy leaks via delayed output in code published by malicious app makers on popular IoT app platforms. We discuss the threat of privacy leaks via delayed output in non-malicious code on popular platforms for email-driven marketing. We present security characterizations of projected noninterference and projected weak secrecy to capture information flows in the presence of delayed output in malicious and non-malicious code, respectively. We develop two security type systems: for information flow control in potentially malicious code and for taint tracking in non-malicious code, engaging read and write security types to soundly enforce projected noninterference and projected weak secrecy.

Författare

Iulia Bastys

Chalmers, Data- och informationsteknik, Informationssäkerhet

Frank Piessens

KU Leuven

Andrei Sabelfeld

Chalmers, Data- och informationsteknik, Informationssäkerhet

Lecture Notes in Computer Science

0302-9743 (ISSN)

Vol. 11252 LNCS 19-37

23rd Nordic Conference on Secure IT Systems, NordSec 2018
Oslo, Norway,

Ämneskategorier

Data- och informationsvetenskap

DOI

10.1007/978-3-030-03638-6_2

Mer information

Senast uppdaterat

2019-01-11