
Automated enforcement for relaxed information release with reference points

  • Research Paper, published in Science China Information Sciences

Abstract

Language-based information flow security is a promising approach for enforcing strong security and protecting the confidentiality of data in end-to-end communication. Noninterference is the standard and most restrictive security property in this setting: it completely forbids confidential data from being released to a public context. Although this baseline property has been enforced in many settings, many programs that are considered secure enough still violate it in some way. To control information release in such programs, the predetermined ways in which confidential data may be released have to be specified. These intentional releases, also called declassifications, are regulated by security properties that are more relaxed than noninterference. Security properties for controlled declassification have been developed along different dimensions, each with its own declassification goals. However, the mechanisms used to enforce these properties are still unaccommodating, unspecific, and insufficiently studied. In this work, a new security property, Relaxed Release with Reference Points (R3P), is presented to limit the information that can be declassified in a program. Moreover, a new mechanism based on reachability analysis of pushdown systems is proposed to enforce R3P on programs. To show that R3P is fit for use, we prove that it complies with the well-known prudent principles of declassification, and in doing so identify some restrictions of our security policy. The general applicability, precision, efficiency, and influencing factors of our enforcement have been evaluated.
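To make the distinction in the abstract concrete, the following added example (not code from the paper or its authors) contrasts noninterference with a "what"-dimension release policy on a tiny straight-line language. The language, the `run` interpreter, the high/low partition and the two-run testing check are constructed assumptions; the permitted expression (an escape hatch) is evaluated in the initial state, which is a simplification of the reference-point refinement the paper studies and is not the R3P definition itself.

```python
"""Noninterference versus a "what"-dimension declassification policy.

Added example, not the paper's code. A program is a list of assignments
(target, expression-over-state); variables are partitioned into a high
(secret) set and a low (public) set. Checks are testing-based: they
enumerate a small finite domain instead of proving the property.
"""
from itertools import product

HIGH = {"h"}          # secret input
LOW = {"l", "out"}    # public variables, observable by the attacker
DOMAIN = range(8)     # constructed finite value domain for exhaustive checks


def run(program, state):
    """Execute straight-line assignments; return the final state."""
    s = dict(state)
    for target, expr in program:
        s[target] = expr(s)
    return s


def low_equivalent(s1, s2):
    """Two states are low-equivalent if they agree on every low variable."""
    return all(s1.get(v) == s2.get(v) for v in LOW)


def noninterferent(program, domain=DOMAIN):
    """Noninterference: initial states that agree on low variables must
    produce final states that agree on low variables, for every secret."""
    for l, h1, h2 in product(domain, domain, domain):
        s1 = run(program, {"l": l, "h": h1, "out": 0})
        s2 = run(program, {"l": l, "h": h2, "out": 0})
        if not low_equivalent(s1, s2):
            return False
    return True


def satisfies_release_policy(program, escape_hatch, domain=DOMAIN):
    """Delimited-release-style "what" policy: only the information in
    escape_hatch(initial state) may be released. Initial states that agree
    on low variables AND on the escape-hatch value must produce
    low-equivalent final states; states the hatch already distinguishes
    carry no obligation."""
    for l, h1, h2 in product(domain, domain, domain):
        init1 = {"l": l, "h": h1, "out": 0}
        init2 = {"l": l, "h": h2, "out": 0}
        if escape_hatch(init1) != escape_hatch(init2):
            continue
        if not low_equivalent(run(program, init1), run(program, init2)):
            return False
    return True


# Constructed policy: the parity of the secret may be released.
PARITY = lambda s: s["h"] % 2

# Constructed programs.
P_SAFE = [("out", lambda s: s["l"] + 1)]            # never reads the secret
P_COPY = [("out", lambda s: s["h"])]                # leaks the whole secret
P_PARITY = [("out", lambda s: s["h"] % 2)]          # releases exactly the parity
P_EXTRA = [("out", lambda s: s["h"] % 2),           # parity, plus a second
           ("l", lambda s: s["h"] // 4)]            # channel leaking bit 2
P_MOVED = [("h", lambda s: s["h"] // 2),            # secret changes before the
           ("out", lambda s: s["h"] % 2)]           # release: bit 1 leaks, not parity


def summary():
    """Return (noninterferent?, satisfies parity policy?) for each program."""
    return {
        name: (noninterferent(p), satisfies_release_policy(p, PARITY))
        for name, p in [("safe", P_SAFE), ("copy", P_COPY),
                        ("parity", P_PARITY), ("extra", P_EXTRA),
                        ("moved", P_MOVED)]
    }


if __name__ == "__main__":
    for name, (ni, pol) in summary().items():
        print(f"{name:7s} noninterferent={ni!s:5s} parity-policy={pol}")
```

`P_PARITY` is the intended case: it violates noninterference but satisfies the parity policy. `P_EXTRA` and `P_MOVED` both fail the policy even though each contains a `h % 2` release, because extra information about the secret reaches low variables; `P_MOVED` in particular shows why the program point at which the released expression is evaluated matters, which is the concern the paper's reference points address.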

Abstract (Chinese version)

Contributions:

  1. A more general security property (R3P) is proposed that can be enforced by automated program verification.

  2. The security property is proved to comply with several common prudent principles of declassification, and a new prudent principle, "conditional persistence", is proposed to characterize the limitations of the security policy.

  3. Reachability analysis is used for the first time to enforce a declassification security property in the "What" dimension; the enforcement method is more general than existing approaches based on automated program verification.

  4. A "store-match" pattern for model transformation is proposed that effectively reduces the state space and lowers verification overhead.




Corresponding author

Correspondence to Cong Sun.


Cite this article

Sun, C., Xi, N., Gao, S. et al. Automated enforcement for relaxed information release with reference points. Sci. China Inf. Sci. 57, 1–19 (2014). https://doi.org/10.1007/s11432-014-5168-7
