Computer Science

Computer Science ›› 2015, Vol. 42 ›› Issue (7): 194-199.doi: 10.11896/j.issn.1002-137X.2015.07.043

Previous Articles     Next Articles

Declassification Policy Based on Automaton Monitoring

JIN Li and ZHU Hao   

  • Online:2018-11-14 Published:2018-11-14

PDF (PC)

399

Abstract: Static enforcement mechanisms of declassification policies have the flaw of over restrictive,which exclude the programs judged secure by semantic conditions of declassification policies.In order to provide more permissive enforcement mechanisms,we established the dynamic monitoring mechanisms for the two-dimension declassification policy based on the automaton theory.Command events generated during the running of a program are abstracted as the inputs of automaton,and these inputs are used by the automaton to track the information flow during the program running.The command that violates the declassification policy will be forbidden.Additionally,we proved that the mechanisms based on automaton monitoring are sound.

Key words: Information flow,Automaton,Confidentiality,Non-interference

[1] Sabelfeld A,Myers A C.Language-based information flow security[J].Selected Areas in Communications,2003,1(1):5-19
[2] Goguen J A,Meseguer J.Security policies and security models[C]∥IEEE Symposium on Security and Privacy.1982:11-20
[3] Sabelfeld A,Sands D.Declassification:dimensions and principles[J].Journal of Computer Security,2009,7(5):517-548
[4] Magazinius J,Askarov A,Sabelfeld A.A lattice-based approach to mashup security[C]∥ 5th ACM Symposium on Information,Computer and Communications Security.2010:15-23
[5] Banerjee A,Naumann D A,Rosenberg S.Expressive declassification policies and modular static enforcement [C]∥IEEE Symposium on ecurity and Privacy.Oakland,CA:IEEE Computer Society Press,2008:339-353
[6] Askarov A,Sabelfeld A.Localized delimited release:combining the what and where dimensions of information release [C]∥2007 Workshop on Programming Languages and Analysis for Security.San Diego,California:ACM Computer Society Press,2007:53-60
[7] 朱浩,庄毅,薛羽,等.基于内容和地点维度的机密信息降级策略[J].计算机科学,2012,9(8):153-157,185 Zhu H,Zhuang Y,Xue Y,et al.Declassification Policy Based on Content and Location Dimensions[J].Computer Science,2012,9(8):153-157,185
[8] Russo A,Sabelfeld A.Dynamic vs.static flow-sensitive security analysis[C]∥23rd IEEE Computer Security Foundations Symposium.2010:186-199
[9] David B,Vincent J,Felix k,et al.Enforceable Security Policies Revisited[J].ACM Transactions on Information and System Security,2013,16(1):3-26
[10] Zhu Y,Jung J,Song D,et al.Privacy Scope:A precise information flow tracking system for finding application leaks:EECS-2009-145[R]∥ Berkeley: Electrical Engineering and Computer Sciences,University of California .2009
[11] Nair S K,Simpson P N D,Crispo B,et al.A virtual machinebased information flow control system for policy enforcement [J].Electronic Notes in Theoretical Computer Science,2008,197(1):3-16
[12] Dhawan M,Ganapathy V.Analyzing information flow in Java Script-based browser extensions [C]∥Computer Security Applications Conference.Honolulu,HI:IEEE Computer Society Press,2009:382-391
[13] Magazinius J,Russo A,Sabelfeld A.On-the-fly inlining of dy-namic security monitors[J].Computers & Security,2012,31(7):827-843
[14] Le G G,Banerjee A,Schmidt D A.Automata-based confidentia-lity monitoring[M]∥ Okada M,Satoh I,eds.Advances in Computer Science-ASIAN 2006.Secure Software and Related Issues:11th Asian Computing Science Conference.Springer Berlin Heidelberg,2007:75-89
[15] Askarov A,Myers A.A semantic framework for declassification and endorsement[C]∥Gordon A D,ed.Proceedings of the 19th European Symposium on Programming Languages and Systems.Springer Berlin Heidelberg,2010:64-84
No related articles found!
Viewed
Full text


Abstract

Cited
  Shared   
  Discussed   
No Suggested Reading articles found!
渝ICP备16013121号-4
Add:18# Honghu West Rd., Yubei ,Chongqing,China    Post Code: 401121
Tel: 023-63500828/023-67039612/023-67039623
E-mail: jsjkx12@163.com
Powered by Beijing Magtech Co., Ltd.