Computer Science ›› 2018, Vol. 45 ›› Issue (6A): 36-40.

• Review •

Review of Trust Declassification for Software System

ZHU Hao (1,2), CHEN Jian-ping (1)

  1. School of Computer Science and Technology, Nantong University, Nantong, Jiangsu 226019, China
  2. School of Computer Science and Technology, Nanjing University of Aeronautics and Astronautics, Nanjing 210016, China
  • Online: 2018-06-20   Published: 2018-08-03

Abstract: The non-interference model is the baseline security model of information flow control. It guarantees zero leakage of secret information, but its security condition is too restrictive: to fulfil its functional requirements, a software system inevitably violates non-interference and deliberately releases some information. To prevent an attacker from obtaining extra information through the release channel, that channel must be kept under control, and trusted declassification policies and enforcement mechanisms must be established. Existing declassification policies are classified along the WHAT, WHO, WHERE and WHEN dimensions, and existing enforcement mechanisms are classified into static enforcement, dynamic enforcement and secure multi-execution. The characteristics and deficiencies of these mechanisms are compared, the challenges for follow-up research are discussed, and directions for future work are outlined.
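The contrast the abstract draws between zero-leakage non-interference and controlled release can be made concrete with a small dynamic monitor. The following is an added illustration, not code from the paper or its authors: it assumes a two-point lattice (L below H), a simplified WHAT-dimension policy given as a set of named escape hatches, and constructed salary data.

```python
from dataclasses import dataclass
# Two-point security lattice: L (public) below H (secret); join is the upper bound.
L, H = "L", "H"
def join(a: str, b: str) -> str: return H if H in (a, b) else L

@dataclass(frozen=True)
class Labeled:
    """A run-time value carrying its security label (taint tracking)."""
    value: int
    label: str
    def __add__(self, o): return Labeled(self.value + o.value, join(self.label, o.label))
    def __floordiv__(self, o): return Labeled(self.value // o.value, join(self.label, o.label))

class Monitor:
    """Dynamic enforcement: public outputs are checked at run time, and an H -> L
    downgrade is allowed only through an escape hatch named in the WHAT policy."""
    def __init__(self, policy: frozenset):
        self.policy = policy            # permitted escape-hatch names (simplified, assumed model)
        self.public_out: list = []
    def declassify(self, hatch: str, v: Labeled) -> Labeled:
        if hatch not in self.policy:
            raise PermissionError(f"release via hatch {hatch!r} not in policy")
        return Labeled(v.value, L)
    def output_public(self, v: Labeled) -> None:
        if v.label == H:
            raise PermissionError("secret-labelled value reaching public channel")
        self.public_out.append(v.value)

def average_program(mon: Monitor, salaries: list, hatch=None) -> None:
    """Wants to publish the average salary (constructed data), never an individual one."""
    total = Labeled(salaries[0], H)
    for s in salaries[1:]:
        total = total + Labeled(s, H)
    avg = total // Labeled(len(salaries), L)   # label stays H: it depends on secrets
    if hatch is not None:
        avg = mon.declassify(hatch, avg)
    mon.output_public(avg)

def run(salaries: list, hatch=None, policy=frozenset({"average"})):
    """Returns ("ok", public outputs) or ("blocked", reason) for one monitored run."""
    mon = Monitor(policy)
    try:
        average_program(mon, salaries, hatch)
        return ("ok", tuple(mon.public_out))
    except PermissionError as e:
        return ("blocked", str(e))

def noninterferent(prog, s1: list, s2: list) -> bool:
    """Non-interference: runs differing only in secret input give equal public output."""
    return prog(s1) == prog(s2)
```

Without a hatch the monitor enforces strict non-interference and the program cannot publish anything; with the permitted hatch the average, and only the average, becomes observable, which is exactly the deliberate violation of non-interference the abstract describes.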

Key words: Confidentiality, Information flow control, Non-interference, Trusted declassification

CLC Number: TP311