Computer Science ›› 2018, Vol. 45 ›› Issue (6A): 36-40.


Review of Trust Declassification for Software System

ZHU Hao (1,2), CHEN Jian-ping (1)

  1. School of Computer Science and Technology, Nantong University, Nantong, Jiangsu 226019, China
  2. School of Computer Science and Technology, Nanjing University of Aeronautics and Astronautics, Nanjing 210016, China
  • Online:2018-06-20 Published:2018-08-03

Abstract: The non-interference model is the baseline security model of information flow control. It guarantees zero leakage of secret information, but its security condition is too restrictive: a software system inevitably violates non-interference and releases some information in order to fulfil its functional requirements. To prevent an attacker from obtaining extra information through the release channel, that channel must be kept under control, which requires trusted declassification policies and enforcement mechanisms. Existing declassification policies are classified along the WHAT, WHO, WHERE and WHEN dimensions, and existing enforcement mechanisms are classified into static enforcement, dynamic enforcement and secure multi-execution. The characteristics and deficiencies of these mechanisms are compared, the challenges of ongoing research are discussed, and directions for future study are outlined.
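The abstract names two things the survey organizes: policy dimensions (WHAT, WHERE, ...) and enforcement mechanisms (static, dynamic, secure multi-execution). The example below, written for this page rather than taken from the paper or any of the systems it surveys, shows the simplest concrete form of one combination: a dynamic monitor over a two-point lattice that only lets a secret leave the high domain through a named escape hatch (the WHAT dimension) at a designated program point (the WHERE dimension). All class and function names, the login scenario and the sample password are constructed for the illustration.

```python
"""Added example: a minimal dynamic information-flow monitor with a trusted
declassification policy in the WHAT and WHERE dimensions.

Illustrative code written for this page, not code from the surveyed paper or
any cited system. Every name below and the login scenario are constructed.
"""
import hashlib
from dataclasses import dataclass
from typing import Any, Callable, Dict, List, Set

LOW, HIGH = "L", "H"          # two-point security lattice, LOW below HIGH


def join(a: str, b: str) -> str:
    """Least upper bound in the two-point lattice."""
    return HIGH if HIGH in (a, b) else LOW


@dataclass(frozen=True)
class Labeled:
    """A runtime value tagged with its security label."""
    value: Any
    label: str


class IllegalFlow(Exception):
    """Raised by the monitor when a flow would violate the policy."""


def binop(f: Callable[[Any, Any], Any], x: Labeled, y: Labeled) -> Labeled:
    """Explicit flow: the result is as secret as the most secret operand."""
    return Labeled(f(x.value, y.value), join(x.label, y.label))


class DeclassificationPolicy:
    """Trusted declassification policy (constructed for this example).

    what  : named escape hatches; only these functions of a secret may be released
    where : program points, named by the developer, where a release is allowed
    """

    def __init__(self, what: Dict[str, Callable[[Any], Any]], where: Set[str]):
        self.what = what
        self.where = where

    def declassify(self, x: Labeled, via: str, at: str) -> Labeled:
        """Release x through escape hatch `via` at program point `at`."""
        if via not in self.what:
            raise IllegalFlow(f"WHAT violation: {via!r} is not an allowed escape hatch")
        if at not in self.where:
            raise IllegalFlow(f"WHERE violation: release at {at!r} is not permitted")
        # Only the hatch's result becomes public, never the secret itself.
        return Labeled(self.what[via](x.value), LOW)


def output_low(channel: List[Any], x: Labeled) -> None:
    """Public sink: the monitor blocks anything still labelled HIGH."""
    if x.label == HIGH:
        raise IllegalFlow("secret value reaches a public channel")
    channel.append(x.value)


def sha256_hex(s: str) -> str:
    return hashlib.sha256(s.encode()).hexdigest()


# Policy: the only value that may leave the secret domain is a SHA-256 digest
# of the stored password, and only at the login verification point.
POLICY = DeclassificationPolicy(what={"sha256": sha256_hex}, where={"login:verify"})


def password_check(stored_password: str, attempt: str, log: List[Any]) -> bool:
    """Verify a login attempt under the monitor; returns whether it matched."""
    secret = Labeled(stored_password, HIGH)          # constructed secret input
    public_attempt = Labeled(attempt, LOW)
    released = POLICY.declassify(secret, via="sha256", at="login:verify")
    attempt_digest = Labeled(sha256_hex(public_attempt.value), LOW)
    ok = binop(lambda a, b: a == b, released, attempt_digest)   # LOW join LOW
    output_low(log, ok)                              # allowed: result is LOW
    return ok.value


def monitor_catches() -> Dict[str, bool]:
    """Show that the monitor stops each way the raw secret could escape."""
    secret = Labeled("hunter2", HIGH)                # constructed sample secret
    attempts = {
        "raw_output": lambda: output_low([], secret),
        "bad_hatch": lambda: POLICY.declassify(secret, via="identity", at="login:verify"),
        "bad_point": lambda: POLICY.declassify(secret, via="sha256", at="debug:dump"),
        "laundered_arith": lambda: output_low(
            [], binop(lambda a, b: a + b, secret, Labeled("!", LOW))),
    }
    caught = {}
    for name, action in attempts.items():
        try:
            action()
            caught[name] = False
        except IllegalFlow:
            caught[name] = True
    return caught


if __name__ == "__main__":
    log: List[Any] = []
    print("match:", password_check("hunter2", "hunter2", log), "log:", log)
    print("violations caught:", monitor_catches())
```

The monitor tracks explicit flows only; implicit flows through control dependence, timing and the other gaps the survey discusses are exactly what this toy does not cover, which is why the abstract lists static analysis and secure multi-execution as separate enforcement classes.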

Key words: Confidentiality, Information flow control, Non-interference, Trusted declassification

CLC Number: TP311