Using Information Flow Control to Evaluate Access Protection of Location Information in Mobile Communication Networks

The increasing functionality provided by mobile devices means that a considerable amount of sensitive data is stored on them. The possibility of reprogramming these devices leads to new security threats such as Trojan horses or computer viruses, which make the problem of how to guarantee the security of this data more important and also more difficult. Protecting the privacy of location information in mobile phones is the task on which we focus in this article. It is well known that access control and communication filters provide adequate mechanisms to ensure privacy technically. However, for formalizing security objectives in our setting, i.e. protecting the privacy of location information, we argue that information flow control is a more adequate approach. To this end, we use an example to illustrate how security properties that are motivated by standard access control techniques may fail to detect certain insecurities, and we demonstrate that this problem can be avoided when information flow control is applied.
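As an added illustration of the abstract's argument (a constructed toy model, not the paper's own example or code): per-operation access control accepts an app that is allowed both to read the location and to send an SMS, while a trace-based noninterference check in the spirit of possibilistic information flow definitions rejects the same app, because its low-observable SMS payload varies with the confidential location. The event names, the permission table and the location strings are assumptions.

```python
# Constructed toy model of a phone hosting a third-party app.
# Traces are lists of (event, payload) pairs.  Location reads carry
# confidential (high) data; SMS sends are observable (low) by the network.
HIGH_EVENTS = {"loc_read"}
LOW_EVENTS = {"sms_send"}

# Access control grants each operation separately (assumed policy).
PERMISSIONS = {"app": {"loc_read", "sms_send"}}


def app_run(location):
    """Leaking app: reads the location, then sends an SMS derived from it."""
    cell = location.split(":")[0]          # e.g. "cell42"
    return [("loc_read", location),
            ("sms_send", "hi from " + cell)]   # permitted channel, but carries location


def app_run_fixed(location):
    """Compliant app: reads the location but its SMS is independent of it."""
    return [("loc_read", location),
            ("sms_send", "hi")]


def access_control_ok(subject, trace):
    """Access control view: every event in the trace must be permitted."""
    return all(event in PERMISSIONS[subject] for event, _ in trace)


def low_view(trace):
    """What a low observer (the SMS recipient / operator) sees of a trace."""
    return tuple((event, payload) for event, payload in trace if event in LOW_EVENTS)


def noninterference_ok(system, high_inputs):
    """Information flow view: the low view must be the same for every
    confidential input, i.e. the observer cannot distinguish locations."""
    views = {low_view(system(h)) for h in high_inputs}
    return len(views) == 1


# Constructed sample locations (cell id plus a coarse latitude tag).
LOCATIONS = ["cell42:lat52.1", "cell7:lat48.3"]


def evaluate(system):
    """Return (access control verdict, information flow verdict) for a system."""
    ac = all(access_control_ok("app", system(loc)) for loc in LOCATIONS)
    ifc = noninterference_ok(system, LOCATIONS)
    return ac, ifc
```

Both apps pass the access control check; only `app_run_fixed` passes the noninterference check, which is exactly the gap the abstract describes.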
