A language for information flow: dynamic tracking in multiple interdependent dimensions

This paper presents λ_I, a language for dynamic tracking of information flow across multiple, interdependent dimensions of information. Typical dimensions of interest are integrity and confidentiality. λ_I supports arbitrary domain-specific policies that can be developed independently. λ_I treats information-flow metadata as a first-class entity and tracks information flow on the metadata itself (integrity on integrity, integrity on confidentiality, etc.). This paper also introduces IMPOLITE, a novel class of information-flow policies for λ_I. Unlike many systems, which only allow for absolute-security relations, IMPOLITE can model more realistic security policies based on relative-security relations. IMPOLITE demonstrates how policies on interdependent dimensions of information can be simultaneously enforced within λ_I's unified framework.
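The idea of tracking information flow "on the metadata itself" is easier to see in code than in prose. The following is an added toy model, not the paper's λ_I calculus or IMPOLITE: it assumes two two-point lattices (confidentiality and integrity), attaches to every value both a label and a second label describing what information shaped the first one, and shows why a sink that checks only the value's label can be fooled when an endorsement decision was itself influenced by untrusted data. The names (`Labeled`, `endorse`, `trusted_sink`, `meta`) and the scenario are constructed for this illustration.

```python
from dataclasses import dataclass
from typing import Any, Callable

# Two-point lattices; a higher rank means "more restricted", so join = max.
# (Constructed for this example; the paper's lattices may differ.)
CONF = {"PUBLIC": 0, "SECRET": 1}
INTEG = {"TRUSTED": 0, "UNTRUSTED": 1}


def _join(a: str, b: str, order: dict) -> str:
    return a if order[a] >= order[b] else b


@dataclass(frozen=True)
class Label:
    conf: str = "PUBLIC"
    integ: str = "TRUSTED"

    def join(self, other: "Label") -> "Label":
        return Label(_join(self.conf, other.conf, CONF),
                     _join(self.integ, other.integ, INTEG))


@dataclass(frozen=True)
class Labeled:
    """A value, its label, and a label on that label.
    'meta' (assumed design) records which information influenced 'label'."""
    value: Any
    label: Label = Label()
    meta: Label = Label()


class PolicyViolation(Exception):
    pass


def apply(f: Callable, *args: Labeled) -> Labeled:
    """Ordinary computation: the result's label is the join of the operand
    labels, and its metadata is the join of the operand metadata."""
    label, meta = Label(), Label()
    for a in args:
        label = label.join(a.label)
        meta = meta.join(a.meta)
    return Labeled(f(*(a.value for a in args)), label, meta)


def endorse(x: Labeled, decision: Labeled) -> Labeled:
    """Raise x's integrity to TRUSTED when a validator's verdict says so.
    The new label was computed from 'decision', so the label's own metadata
    absorbs the label and metadata of that verdict (integrity on integrity)."""
    if not decision.value:
        return x
    new_label = Label(x.label.conf, "TRUSTED")
    new_meta = x.meta.join(decision.label).join(decision.meta)
    return Labeled(x.value, new_label, new_meta)


def trusted_sink(x: Labeled, track_meta: bool = True) -> bool:
    """A sink that may only consume trusted data. With track_meta it also
    insists that the 'trusted' mark itself was not shaped by untrusted input."""
    if x.label.integ != "TRUSTED":
        raise PolicyViolation("untrusted value reached a trusted sink")
    if track_meta and x.meta.integ != "TRUSTED":
        raise PolicyViolation("value is marked trusted, but that mark was "
                              "influenced by untrusted data")
    return True


def run_scenario(validator_integ: str, track_meta: bool) -> str:
    """Constructed scenario: a command name arrives from the network
    (UNTRUSTED) and is endorsed by a validator whose verdict carries the
    given integrity. Returns 'accepted' or 'rejected'."""
    cmd = Labeled("restart-service", Label("PUBLIC", "UNTRUSTED"))
    verdict = Labeled(True, Label("PUBLIC", validator_integ))
    endorsed = endorse(cmd, verdict)
    try:
        trusted_sink(endorsed, track_meta)
        return "accepted"
    except PolicyViolation:
        return "rejected"


if __name__ == "__main__":
    print("trusted validator, meta tracked:   ", run_scenario("TRUSTED", True))
    print("untrusted validator, meta tracked: ", run_scenario("UNTRUSTED", True))
    print("untrusted validator, flat tracking:", run_scenario("UNTRUSTED", False))
```

The third case is the one the flat tracker gets wrong: after `endorse`, the value's own label reads TRUSTED, so a checker that looks only at that dimension accepts it, while the metadata label still remembers that the endorsement verdict came from untrusted data and the meta-aware sink rejects it.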
