TY - GEN
T1 - Towards a General-Purpose Dynamic Information Flow Policy
AU - Li, Peixuan
AU - Zhang, Danfeng
N1 - Publisher Copyright: © 2022 IEEE.
PY - 2022
Y1 - 2022
N2 - Noninterference offers a rigorous end-to-end guarantee for secure propagation of information. However, real-world systems almost always involve security requirements that change during program execution, making noninterference inapplicable. Prior works alleviate the limitation to some extent, but even for a veteran in information flow security, understanding the subtleties in the syntax and semantics of each policy is challenging, largely due to very different policy specification languages, and more fundamentally, semantic requirements of each policy. We take a top-down approach and present a novel information flow policy, called Dynamic Release, which allows information flow restrictions to downgrade and upgrade in arbitrary ways. Dynamic Release is formalized on a novel framework that, for the first time, allows us to compare and contrast various dynamic policies in the literature. We show that Dynamic Release generalizes declassification, erasure, delegation and revocation. Moreover, it is the only dynamic policy that is both applicable and correct on a benchmark of tests with dynamic policy.
UR - http://www.scopus.com/inward/record.url?scp=85141841633&partnerID=8YFLogxK
UR - http://www.scopus.com/inward/citedby.url?scp=85141841633&partnerID=8YFLogxK
U2 - 10.1109/CSF54842.2022.9919639
DO - 10.1109/CSF54842.2022.9919639
M3 - Conference contribution
AN - SCOPUS:85141841633
T3 - Proceedings - IEEE Computer Security Foundations Symposium
SP - 260
EP - 275
BT - Proceedings - 2022 IEEE 35th Computer Security Foundations Symposium, CSF 2022
PB - IEEE Computer Society
T2 - 35th IEEE Computer Security Foundations Symposium, CSF 2022
Y2 - 7 August 2022 through 10 August 2022
ER -