Disjunction Category Labels

We present disjunction category (DC) labels, a new label format for enforcing information flow in the presence of mutually distrusting parties. DC labels can be ordered to form a lattice, based on propositional logic implication and conjunctive normal form. We introduce and prove soundness of decentralized privileges that are used in declassifying data, in addition to providing a notion of privilege-hierarchy. Our model is simpler than previous decentralized information flow control (DIFC) systems and does not rely on a centralized principal hierarchy. Additionally, DC labels can be used to enforce information flow both statically and dynamically. To demonstrate their use, we describe two Haskell implementations, a library used to perform dynamic label checks, compatible with existing DIFC systems, and a prototype library that enforces information flow statically, by leveraging the Haskell type checker.
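To make the lattice ordering concrete, the following is an added Python example (not the paper's Haskell libraries): DC labels as pairs of a secrecy and an integrity component, each a positive CNF formula over principals, with the flow check based on implication, join and meet, and the privilege-assisted check used for declassification. Principal names and the frozenset encoding are assumptions of this example.

```python
from itertools import product

# A label component is a positive CNF formula over principal names: a frozenset
# of clauses, each clause a frozenset of principals read as a disjunction.
# The empty conjunction is True (no secrecy restriction / no endorsement).

def reduce_cnf(f):
    """Drop clauses that are strict supersets of another clause (implied by it)."""
    return frozenset(c for c in f if not any(d < c for d in f))

def cnf(*clauses):
    """Build a reduced CNF from iterables of principals, e.g. cnf({'a'}, {'b', 'c'})."""
    return reduce_cnf(frozenset(frozenset(c) for c in clauses))

def implies(f1, f2):
    """f1 => f2 for positive CNF: each clause of f2 must be weakened by some clause of f1."""
    return all(any(c1 <= c2 for c1 in f1) for c2 in f2)

def conj(f1, f2):
    return reduce_cnf(f1 | f2)

def disj(f1, f2):
    """Distribute: (A and B) or (C and D) = (A or C) and (A or D) and (B or C) and (B or D)."""
    return reduce_cnf(frozenset(c1 | c2 for c1, c2 in product(f1, f2)))

def can_flow_to(l1, l2):
    """L1 flows to L2 iff S2 => S1 (readers only shrink) and I1 => I2 (trust only weakens)."""
    (s1, i1), (s2, i2) = l1, l2
    return implies(s2, s1) and implies(i1, i2)

def can_flow_to_p(priv, l1, l2):
    """The same check with a privilege CNF added as a hypothesis: this is declassification."""
    (s1, i1), (s2, i2) = l1, l2
    return implies(conj(priv, s2), s1) and implies(conj(priv, i1), i2)

def join(l1, l2):
    (s1, i1), (s2, i2) = l1, l2
    return (conj(s1, s2), disj(i1, i2))

def meet(l1, l2):
    (s1, i1), (s2, i2) = l1, l2
    return (disj(s1, s2), conj(i1, i2))

# Constructed sample labels: public/unendorsed data, and data owned by single principals.
PUBLIC = (cnf(), cnf())
ALICE = (cnf({'alice'}), cnf({'alice'}))
BOB = (cnf({'bob'}), cnf({'bob'}))
```

Alice's data cannot flow to PUBLIC on its own, but it can once the check is run with the privilege cnf({'alice'}); a privilege cnf({'alice'}) also implies the weaker disjunctive privilege cnf({'alice', 'bob'}), which is the privilege hierarchy the abstract refers to.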
