A Policy Model for Secure Information Flow Export

@inbook{Adetoye09, abstract = {When a computer program requires legitimate access to confidential data, the question arises whether such a program may illegally reveal sensitive information. This paper proposes a policy model to specify what information flow is permitted in a computational system. The security definition, which is based on a general notion of information lattices, allows various representations of information to be used in the enforcement of secure information flow in deterministic or nondeterministic systems. A flexible semantics-based analysis technique is presented, which uses the input-output relational model induced by an attacker's observational power, to compute the information released by the computational system. An illustrative attacker model demonstrates the use of the technique to develop a termination-sensitive analysis. The technique allows the development of various information flow analyses, parametrised by the attacker's observational power, which can be used to enforce what declassification policies.}, author = {Adetoye, Adedayo O. and Badii, Atta}, booktitle = {Foundations and Applications of Security Analysis}, chapter = {1}, citeulike-article-id = {6089380}, citeulike-linkout-0 = {http://dx.doi.org/10.1007/978-3-642-03459-6_1}, citeulike-linkout-1 = {http://www.springerlink.com/content/d41mu2801755635q}, citeulike-linkout-2 = {http://www.hydramiddleware.eu/downloads.php?cat_id=2&download_id=57}, doi = {10.1007/978-3-642-03459-6_1}, isbn = {978-3-642-03458-9}, issn = {1611-3349}, journal = {Foundations and Applications of Security Analysis}, keywords = {2009, declassification, information-flow, operational, program, security}, pages = {1--17}, posted-at = {2009-11-09 17:09:20}, priority = {2}, publisher = {Springer Berlin / Heidelberg}, series = {Lecture Notes in Computer Science}, title = {A Policy Model for Secure Information Flow}, url = {http://dx.doi.org/10.1007/978-3-642-03459-6_1}, volume = {5511}, year = {2009} }

TY - CHAP ID - Adetoye09 L3 - citeulike-article-id:6089380 N2 - When a computer program requires legitimate access to confidential data, the question arises whether such a program may illegally reveal sensitive information. This paper proposes a policy model to specify what information flow is permitted in a computational system. The security definition, which is based on a general notion of information lattices, allows various representations of information to be used in the enforcement of secure information flow in deterministic or nondeterministic systems. A flexible semantics-based analysis technique is presented, which uses the input-output relational model induced by an attacker’s observational power, to compute the information released by the computational system. An illustrative attacker model demonstrates the use of the technique to develop a termination-sensitive analysis. The technique allows the development of various information flow analyses, parametrised by the attacker’s observational power, which can be used to enforce what declassification policies. JF - Foundations and Applications of Security Analysis SE - Lecture Notes in Computer Science SN - 978-3-642-03458-9 EP - 17 TI - A Policy Model for Secure Information Flow PB - Springer Berlin / Heidelberg VL - 5511 T2 - Foundations and Applications of Security Analysis SP - 1 KW - 2009 KW - declassification KW - information-flow KW - operational KW - program KW - security AU - Adetoye, Adedayo AU - Badii, Atta PY - 2009/// UR - http://dx.doi.org/10.1007/978-3-642-03459-6_1 ER -