Skip to main content
SpringerLink
Log in

Locality-Based Security Policies

  • Conference paper
Formal Aspects in Security and Trust (FAST 2006)

Part of the book series: Lecture Notes in Computer Science ((LNSC,volume 4691))

Included in the following conference series:

Abstract

Information flow security provides a strong notion of end-to-end security in computing systems. However sometimes the policies for information flow security are limited in their expressive power, hence complicating the matter of specifying policies even for simple systems. These limitations often become apparent in contexts where confidential information is released under specific conditions.

We present a novel policy language for expressing permissible information flow under expressive constraints on the execution traces for programs. Based on the policy language we propose a security condition shown to be a generalized intransitive non-interference condition. Furthermore a flow-logic based static analysis is presented and shown capable of guaranteeing the security of programs analysed.

This work has in part been supported by the EU research project #016004, Software Engineering for Service-Oriented Overlay Computers.

This is a preview of subscription content, log in via an institution to check access.

Access this chapter

Log in via an institution
Chapter
USD 29.95
Price excludes VAT (USA)
  • Available as PDF
  • Read on any device
  • Instant download
  • Own it forever
eBook
USD 39.99
Price excludes VAT (USA)
  • Available as PDF
  • Read on any device
  • Instant download
  • Own it forever
Softcover Book
USD 54.99
Price excludes VAT (USA)
  • Compact, lightweight edition
  • Dispatched in 3 to 5 business days
  • Free shipping worldwide - see info

Tax calculation will be finalised at checkout

Purchases are for personal use only

Institutional subscriptions

Preview

Unable to display preview. Download preview PDF.

Unable to display preview. Download preview PDF.

References

  1. Bell, D.E., LaPadula, L.J.: Secure computer systems: Mathematical foundations. Technical Report MTR-2547, vol. 1, MITRE Corp. Bedford, MA (1973)

    Google Scholar 

  2. Broberg, N., Sands, D.: Flow locks: Towards a core calculus for dynamic flow policies. In: Proc. European Symposium on Programming, pp. 180–196 (2006)

    Google Scholar 

  3. Chong, S., Myers, A.C.: Security policies for downgrading. In: CCS 2004. Proceedings of the 11th ACM conference on Computer and communications security, New York, NY, USA, pp. 198–209. ACM Press, New York (2004)

    Chapter  Google Scholar 

  4. Chong, S., Myers, A.C.: Language-based information erasure. In: CSFW, pp. 241–254 (2005)

    Google Scholar 

  5. Cohen, E.S.: Information transmission in computational systems. ACM SIGOPS Operating Systems Review 11(5), 133–139 (1977)

    Article  Google Scholar 

  6. Denning, D.E.: A lattice model of secure information flow. Comm. of the ACM 19(5), 236–243 (1976)

    Article  MATH  MathSciNet  Google Scholar 

  7. Goguen, J.A., Meseguer, J.: Security policies and security models. In: Proc. IEEE Symp. on Security and Privacy, pp. 11–20 (April 1982)

    Google Scholar 

  8. Gorla, D., Pugliese, R.: Resource access and mobility control with dynamic privileges acquisition. In: Baeten, J.C.M., Lenstra, J.K., Parrow, J., Woeginger, G.J. (eds.) ICALP 2003. LNCS, vol. 2719, pp. 119–132. Springer, Heidelberg (2003)

    Chapter  Google Scholar 

  9. Haigh, J.T., Young, W.D.: Extending the Non-Interference Version of MLS for SAT. In: IEEE Symposium on Security and Privacy, pp. 232–239. IEEE Computer Society Press, Los Alamitos (1986)

    Google Scholar 

  10. Hansen, R.R., Probst, C.W., Nielson, F.: Sandboxing in myklaim. In: Proc. ARES 2006 (2006)

    Google Scholar 

  11. Hopcroft, J.E., Motwani, R., Ullman, J.D.: Introduction to automata theory, languages, and computation, 2nd edn. Addison-Wesley, London (2001)

    MATH  Google Scholar 

  12. Kemmerer, R.A.: A practical approach to identifying storage and timing channels. In: IEEE Symposium on Security and Privacy, pp. 66–73 (1982)

    Google Scholar 

  13. Mantel, H., Sands, D.: Controlled declassification based on intransitive noninterference. In: Chin, W.-N. (ed.) APLAS 2004. LNCS, vol. 3302, pp. 129–145. Springer, Heidelberg (2004)

    Google Scholar 

  14. Matos, A.A., Boudol, G.: On declassification and the non-disclosure policy. In: Proc. IEEE Computer Security Foundations Workshop, pp. 226–240 (2005)

    Google Scholar 

  15. McHugh, J.: Covert Channel Analysis. Handbook for the Computer Security Certification of Trusted Systems (1995)

    Google Scholar 

  16. Myers, A.C.: Jflow: Practical mostly-static information flow control. In: POPL, pp. 228–241 (1999)

    Google Scholar 

  17. Myers, A.C., Liskov, B.: A decentralized model for information flow control. In: SOSP, pp. 129–142 (1997)

    Google Scholar 

  18. Nielson, H.R., Nielson, F.: Flow logic: A multi-paradigmatic approach to static analysis. In: The Essence of Computation, pp. 223–244 (2002)

    Google Scholar 

  19. Rushby, J.: Noninterference, Transitivity, and Channel-Control Security Policies. Technical Report CSL-92-02, SRI International (December 1992)

    Google Scholar 

  20. Sabelfeld, A., Myers, A.C.: Language-based information-flow security. IEEE J. Selected Areas in Communications 21(1), 5–19 (2003)

    Article  Google Scholar 

  21. Sabelfeld, A., Sands, D.: Dimensions and principles of declassification. In: Proc. IEEE Computer Security Foundations Workshop. IEEE Computer Society Press, Los Alamitos (2005)

    Google Scholar 

  22. Sabelfeld, A., Sands, D.: Probabilistic noninterference for multi-threaded programs. In: CSFW, pp. 200–214 (2000)

    Google Scholar 

  23. Tolstrup, T.K., Nielson, F., Riis, H.: Information Flow Analysis for VHDL. In: Proc. Eighth International Conference on Parallel Computing Technologies. LNCS, Springer, Heidelberg (2005)

    Google Scholar 

  24. Volpano, D., Smith, G., Irvine, C.: A sound type system for secure flow analysis. J. Computer Security 4(3), 167–187 (1996)

    Google Scholar 

  25. Volpano, D.M., Smith, G.: Probabilistic noninterference in a concurrent language. Journal of Computer Security 7(1) (1999)

    Google Scholar 

Download references

Author information

Authors and Affiliations

  1. Informatics and Mathematical Modelling, Technical University of Denmark,  

    Terkel K. Tolstrup & Flemming Nielson

  2. Department of Computer Science, University of Copenhagen,  

    René Rydhof Hansen

Authors
  1. Terkel K. Tolstrup
    View author publications

    You can also search for this author in PubMed Google Scholar

  2. Flemming Nielson
    View author publications

    You can also search for this author in PubMed Google Scholar

  3. René Rydhof Hansen
    View author publications

    You can also search for this author in PubMed Google Scholar

Editor information

Theo Dimitrakos Fabio Martinelli Peter Y. A. Ryan Steve Schneider

Rights and permissions

Reprints and permissions

Copyright information

© 2007 Springer-Verlag Berlin Heidelberg

About this paper

Cite this paper

Tolstrup, T.K., Nielson, F., Hansen, R.R. (2007). Locality-Based Security Policies. In: Dimitrakos, T., Martinelli, F., Ryan, P.Y.A., Schneider, S. (eds) Formal Aspects in Security and Trust. FAST 2006. Lecture Notes in Computer Science, vol 4691. Springer, Berlin, Heidelberg. https://doi.org/10.1007/978-3-540-75227-1_13

Download citation

  • DOI: https://doi.org/10.1007/978-3-540-75227-1_13

  • Publisher Name: Springer, Berlin, Heidelberg

  • Print ISBN: 978-3-540-75226-4

  • Online ISBN: 978-3-540-75227-1

  • eBook Packages: Computer ScienceComputer Science (R0)

Publish with us

Policies and ethics

Search

Navigation