Computer Science (计算机科学) ›› 2015, Vol. 42 ›› Issue (12): 243-246.

• Information Security •

Two-dimension Declassification Policy in Multithreaded Environments

JIN Li, ZHU Hao

  1. Jiangsu Provincial Key Laboratory of ASIC Design, Nantong University, Nantong 226019; College of Computer Science and Technology, Nanjing University of Aeronautics and Astronautics, Nanjing 210016; School of Computer Science and Technology, Nantong University, Nantong 226019
  • Online: 2018-11-14 Published: 2018-11-14
  • Funding:
    Supported by the Jiangsu Province Postdoctoral Research Fund


Abstract: The purpose of a declassification policy is to ensure the secure release of sensitive information held by a program. Existing security conditions and enforcement mechanisms for declassification policies concentrate on sequential programming languages and cannot be transplanted directly to multithreaded environments, because an attacker can exploit certain properties of thread scheduling to derive sensitive information. To address this, a two-dimension declassification policy for multithreaded environments is established on top of a multithreaded programming language model and a thread scheduling model; it effectively ensures that the appropriate information is declassified at the appropriate program points. A dynamic monitoring mechanism that enforces this policy in multithreaded environments is then established, and the soundness of the enforcement is proved.

Key words: Information flow, Multithreaded environments, Confidentiality, Non-interference
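The two dimensions of the policy (what may be released, and at which program point) and a runtime monitor that checks them across thread interleavings, as an added Python illustration that is not the paper's formal model; Monitor, the policy tuples, the instruction shapes and the sample threads are all assumptions.

```python
# Added illustration, not the paper's formal mechanism: a dynamic monitor that
# enforces a "what"/"where" declassification policy over interleaved threads.
H, L = "H", "L"                   # security labels: high (secret), low (public)

def lub(*labels):                 # least upper bound: any H makes the result H
    return H if H in labels else L

class Monitor:
    """policy: set of (program_point, source_var). A declassify step is accepted
    only if its point ("where") and its source ("what") match a policy pair;
    every other high-to-low flow is rejected and the offending thread halts."""
    def __init__(self, labels, policy):
        self.labels, self.policy = dict(labels), set(policy)
        self.outputs, self.violations = [], []

    def step(self, tid, instr):
        if instr[0] == "assign":                    # ('assign', dst, [srcs])
            _, dst, srcs = instr
            src = lub(*(self.labels[s] for s in srcs))
            if self.labels.get(dst, L) == L and src == H:   # undeclared vars are public
                self.violations.append((tid, instr)); return False
            self.labels[dst] = lub(self.labels.get(dst, L), src)
        elif instr[0] == "declassify":              # ('declassify', dst, src, point)
            _, dst, src, point = instr
            if (point, src) not in self.policy:     # wrong "what" or wrong "where"
                self.violations.append((tid, instr)); return False
            self.labels[dst] = L
        elif instr[0] == "out":                     # ('out', src): public channel
            if self.labels[instr[1]] == H:
                self.violations.append((tid, instr)); return False
            self.outputs.append((tid, instr[1]))
        return True

    def run(self, threads, schedule):  # threads: {tid: [instr, ...]}; schedule: tids
        pcs, halted = {t: 0 for t in threads}, set()
        for tid in schedule:
            if tid in halted or pcs[tid] >= len(threads[tid]):
                continue
            if not self.step(tid, threads[tid][pcs[tid]]):
                halted.add(tid)
            pcs[tid] += 1
        return self.outputs, self.violations

def demo(schedule):
    """Constructed input: t1 may release avg at 'report'; t2 may not release salary."""
    labels = {"salary": H, "n": L, "avg": H}
    policy = {("report", "avg")}                    # what = avg, where = report
    t1 = [("assign", "avg", ["salary", "n"]),
          ("declassify", "avg_pub", "avg", "report"), ("out", "avg_pub")]
    t2 = [("declassify", "leak", "salary", "report"), ("out", "leak")]
    return Monitor(labels, policy).run({"t1": t1, "t2": t2}, schedule)
```

Running demo under different schedules yields the same public output, so the interleaving chosen by the scheduler cannot be used to get around the policy.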

