A User Model for Information Erasure

Hunt and Sands (ESOP'08) studied a notion of information erasure for systems which receive secrets intended for limited-time use. Erasure demands that once a secret has fulfilled its purpose the subsequent behaviour of the system should reveal no information about the erased data. In this paper we address a shortcoming in that work: for erasure to be possible the user who provides data must also play his part, but previously that role was only specified informally. Here we provide a formal model of the user and a collection of requirements called erasure friendliness. We prove that an erasure-friendly user can be composed with an erasing system (in the sense of Hunt and Sands) to obtain a combined system which is jointly erasing in an appropriate sense. In doing so we identify stronger requirements on the user than those informally described in the previous work.
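To make the two notions in the abstract concrete, here is a small trace-based toy model (an added illustration, not the paper's formal definitions or code): a system consumes a secret, reaches an erase point, then keeps interacting. It "erases" if post-erasure outputs are identical for any two secrets when the later inputs are fixed, and the composed system plus user "jointly erases" when the user's own post-erasure inputs are derived from the secret. All function names, the sample secrets and the notion of an "erasure-friendly" user as one whose later inputs do not depend on the secret are assumptions of this model.

```python
from itertools import combinations

# Constructed sample secrets (fake card numbers), not real data.
SECRETS = ["4111111111111111", "5500000000000004", "340000000000009"]

def leaky_system(secret, later_inputs):
    """Keeps the secret past the erase point: a later receipt reveals it."""
    state = {"card": secret}
    pre = [f"charged ****{state['card'][-4:]}"]   # pre-erasure use is allowed
    # no erasure step: state['card'] survives
    post = [f"receipt for {state['card']}" if i == "receipt" else "ok"
            for i in later_inputs]
    return pre, post

def erasing_system(secret, later_inputs):
    """Overwrites the secret at the erase point; later outputs can't depend on it."""
    state = {"card": secret}
    pre = [f"charged ****{state['card'][-4:]}"]
    state["card"] = None                           # erase point
    post = ["receipt (card details not retained)" if i == "receipt" else f"echo {i}"
            for i in later_inputs]
    return pre, post

def friendly_user(secret):
    """Erasure-friendly (assumed meaning): later inputs don't depend on the secret."""
    return ["receipt", "help"]

def unfriendly_user(secret):
    """Re-supplies the secret after erasure, e.g. pastes it into a support chat."""
    return ["receipt", f"my card is {secret}"]

def system_erases(system, later_inputs, secrets=SECRETS):
    """System alone: fixed later inputs, any two secrets give the same post outputs."""
    posts = [system(s, later_inputs)[1] for s in secrets]
    return all(a == b for a, b in combinations(posts, 2))

def jointly_erases(system, user, secrets=SECRETS):
    """System composed with user: later inputs come from the user, who saw the secret."""
    posts = [system(s, user(s))[1] for s in secrets]
    return all(a == b for a, b in combinations(posts, 2))
```

The erasing system passes on its own, yet fails jointly with the unfriendly user, which is the gap the abstract describes: erasure needs the user to play their part too.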

[1] Andrew C. Myers et al. End-to-End Enforcement of Erasure and Declassification. 21st IEEE Computer Security Foundations Symposium, 2008.

[2] Xuezeng Pan et al. Handling Information Release and Erasure in Multi-Threaded Programs. International Conference on Computational Intelligence and Security (CIS 2007), 2007.

[3] Andrew C. Myers et al. Language-based information erasure. 18th IEEE Computer Security Foundations Workshop (CSFW'05), 2005.

[4] David Clark et al. Non-Interference for Deterministic Interactive Programs. Formal Aspects in Security and Trust, 2009.

[5] Lin Yan et al. A Particle Swarm Optimization for Resource-Constrained Multi-Project Scheduling Problem. 2007.

[6] David Sands et al. Dimensions and principles of declassification. 18th IEEE Computer Security Foundations Workshop (CSFW'05), 2005.

[7] David Sands et al. Just Forget It - The Semantics and Enforcement of Information Erasure. ESOP, 2008.

[8] Brian Campbell et al. Amortised Memory Analysis Using the Depth of Data Structures. ESOP, 2009.

[9] Maciej Koutny et al. Opacity generalised to transition systems. International Journal of Information Security, 2005.

[10] Valtteri Niemi et al. Distributed Usage Control. ANT/MobiWIS, 2011.

[11] Jaehong Park et al. The UCONABC usage control model. TSEC, 2004.

[12] Michael R. Clarkson et al. Information-flow security for interactive programs. 19th IEEE Computer Security Foundations Workshop (CSFW'06), 2006.

[13] Jaehong Park et al. Towards usage control models: beyond traditional access control. SACMAT '02, 2002.