Computer Science ›› 2015, Vol. 42 ›› Issue (7): 194-199.doi: 10.11896/j.issn.1002-137X.2015.07.043

Previous Articles     Next Articles

Declassification Policy Based on Automaton Monitoring

JIN Li and ZHU Hao   

  • Online:2018-11-14 Published:2018-11-14

Abstract: Static enforcement mechanisms of declassification policies have the flaw of over restrictive,which exclude the programs judged secure by semantic conditions of declassification policies.In order to provide more permissive enforcement mechanisms,we established the dynamic monitoring mechanisms for the two-dimension declassification policy based on the automaton theory.Command events generated during the running of a program are abstracted as the inputs of automaton,and these inputs are used by the automaton to track the information flow during the program running.The command that violates the declassification policy will be forbidden.Additionally,we proved that the mechanisms based on automaton monitoring are sound.

Key words: Information flow,Automaton,Confidentiality,Non-interference

[1] Sabelfeld A,Myers A C.Language-based information flow security[J].Selected Areas in Communications,2003,1(1):5-19
[2] Goguen J A,Meseguer J.Security policies and security models[C]∥IEEE Symposium on Security and Privacy.1982:11-20
[3] Sabelfeld A,Sands D.Declassification:dimensions and principles[J].Journal of Computer Security,2009,7(5):517-548
[4] Magazinius J,Askarov A,Sabelfeld A.A lattice-based approach to mashup security[C]∥ 5th ACM Symposium on Information,Computer and Communications Security.2010:15-23
[5] Banerjee A,Naumann D A,Rosenberg S.Expressive declassification policies and modular static enforcement [C]∥IEEE Symposium on ecurity and Privacy.Oakland,CA:IEEE Computer Society Press,2008:339-353
[6] Askarov A,Sabelfeld A.Localized delimited release:combining the what and where dimensions of information release [C]∥2007 Workshop on Programming Languages and Analysis for Security.San Diego,California:ACM Computer Society Press,2007:53-60
[7] 朱浩,庄毅,薛羽,等.基于内容和地点维度的机密信息降级策略[J].计算机科学,2012,9(8):153-157,185 Zhu H,Zhuang Y,Xue Y,et al.Declassification Policy Based on Content and Location Dimensions[J].Computer Science,2012,9(8):153-157,185
[8] Russo A,Sabelfeld A.Dynamic vs.static flow-sensitive security analysis[C]∥23rd IEEE Computer Security Foundations Symposium.2010:186-199
[9] David B,Vincent J,Felix k,et al.Enforceable Security Policies Revisited[J].ACM Transactions on Information and System Security,2013,16(1):3-26
[10] Zhu Y,Jung J,Song D,et al.Privacy Scope:A precise information flow tracking system for finding application leaks:EECS-2009-145[R]∥ Berkeley: Electrical Engineering and Computer Sciences,University of California .2009
[11] Nair S K,Simpson P N D,Crispo B,et al.A virtual machinebased information flow control system for policy enforcement [J].Electronic Notes in Theoretical Computer Science,2008,197(1):3-16
[12] Dhawan M,Ganapathy V.Analyzing information flow in Java Script-based browser extensions [C]∥Computer Security Applications Conference.Honolulu,HI:IEEE Computer Society Press,2009:382-391
[13] Magazinius J,Russo A,Sabelfeld A.On-the-fly inlining of dy-namic security monitors[J].Computers & Security,2012,31(7):827-843
[14] Le G G,Banerjee A,Schmidt D A.Automata-based confidentia-lity monitoring[M]∥ Okada M,Satoh I,eds.Advances in Computer Science-ASIAN 2006.Secure Software and Related Issues:11th Asian Computing Science Conference.Springer Berlin Heidelberg,2007:75-89
[15] Askarov A,Myers A.A semantic framework for declassification and endorsement[C]∥Gordon A D,ed.Proceedings of the 19th European Symposium on Programming Languages and Systems.Springer Berlin Heidelberg,2010:64-84

No related articles found!
Viewed
Full text


Abstract

Cited

  Shared   
  Discussed   
[1] LEI Li-hui and WANG Jing. Parallelization of LTL Model Checking Based on Possibility Measure[J]. Computer Science, 2018, 45(4): 71 -75 .
[2] SUN Qi, JIN Yan, HE Kun and XU Ling-xuan. Hybrid Evolutionary Algorithm for Solving Mixed Capacitated General Routing Problem[J]. Computer Science, 2018, 45(4): 76 -82 .
[3] ZHANG Jia-nan and XIAO Ming-yu. Approximation Algorithm for Weighted Mixed Domination Problem[J]. Computer Science, 2018, 45(4): 83 -88 .
[4] WU Jian-hui, HUANG Zhong-xiang, LI Wu, WU Jian-hui, PENG Xin and ZHANG Sheng. Robustness Optimization of Sequence Decision in Urban Road Construction[J]. Computer Science, 2018, 45(4): 89 -93 .
[5] SHI Wen-jun, WU Ji-gang and LUO Yu-chun. Fast and Efficient Scheduling Algorithms for Mobile Cloud Offloading[J]. Computer Science, 2018, 45(4): 94 -99 .
[6] ZHOU Yan-ping and YE Qiao-lin. L1-norm Distance Based Least Squares Twin Support Vector Machine[J]. Computer Science, 2018, 45(4): 100 -105 .
[7] LIU Bo-yi, TANG Xiang-yan and CHENG Jie-ren. Recognition Method for Corn Borer Based on Templates Matching in Muliple Growth Periods[J]. Computer Science, 2018, 45(4): 106 -111 .
[8] GENG Hai-jun, SHI Xin-gang, WANG Zhi-liang, YIN Xia and YIN Shao-ping. Energy-efficient Intra-domain Routing Algorithm Based on Directed Acyclic Graph[J]. Computer Science, 2018, 45(4): 112 -116 .
[9] CUI Qiong, LI Jian-hua, WANG Hong and NAN Ming-li. Resilience Analysis Model of Networked Command Information System Based on Node Repairability[J]. Computer Science, 2018, 45(4): 117 -121 .
[10] WANG Zhen-chao, HOU Huan-huan and LIAN Rui. Path Optimization Scheme for Restraining Degree of Disorder in CMT[J]. Computer Science, 2018, 45(4): 122 -125 .