Information flow in a distributed security setting

by   Ana Almeida Matos, et al.

Information flow security is classically formulated in terms of the absence of illegal information flows, with respect to a security setting consisting of a single flow policy that specifies what information flows should be permitted in the system. In this paper we investigate the security issues that emerge in distributed security settings, where each computation domain establishes its own local security policy, and where programs may exhibit location-dependent behavior. In particular, we study the interplay between two distinct flow policy layers: the declared flow policy, established by the program itself, and the allowed flow policy, established externally to the program by each computation domain. We refine two security properties that articulate how the behaviors of programs comply to the respective flow policies: Distributed Non-disclosure, for enabling programs to declare locally scoped flow policies; and Flow Policy Confinement, for controlling the flow policies that are declared by programs. We present enforcement mechanisms that are based on type and effect systems, ranging from purely static mechanisms to hybrid combinations with dynamic migration control, for enforcing the above properties on an expressive ML-like language with concurrent threads and code migration, and which includes an allowed flow policy construct that dynamically tests the allowed flow policy of the current context. Finally, we show that the combination of the above two properties guarantees that actual information flows do not violate the relevant allowed flow policies. To this end we propose and use the Distributed Non-Interference property, a natural generalization of Non-Interference to a distributed security setting that ensures that information flows in a program respect the allowed flow policy of the domains where they originate.


Pifthon: A Compile-Time Information Flow Analyzer For An Imperative Language

Compile-time information flow analysis has been a promising technique fo...

IFCIL: An Information Flow Configuration Language for SELinux (Extended Version)

Security Enhanced Linux (SELinux) is a security architecture for Linux i...

An Empirical Study of Information Flows in Real-World JavaScript

Information flow analysis prevents secret or untrusted data from flowing...

Analysing Flow Security Properties in Virtualised Computing Systems

This paper studies the problem of reasoning about flow security properti...

Towards a General-Purpose Dynamic Information Flow Policy

Noninterference offers a rigorous end-to-end guarantee for secure propag...

A Calculus for Flow-Limited Authorization

Real-world applications routinely make authorization decisions based on ...

Confidentiality enforcement by hybrid control of information flows

An information owner, possessing diverse data sources, might want to off...

Please sign up or login with your details

Forgot password? Click here to reset