End-to-end multilevel hybrid information flow control

Lennart Beringer

Research output: Chapter in Book/Report/Conference proceedingConference contribution

11 Scopus citations

Abstract

We present models and soundness results for hybrid information flow, i.e. for mechanisms that enforce noninterference-style security guarantees using a combination of static analysis and dynamic taint tracking. Our analysis has the following characteristics: (i) we formulate hybrid information flow as an end-to-end property, in contrast to disruptive monitors that prematurely terminate or otherwise alter an execution upon detecting a potentially illicit flow; (ii) our security notions capture the increased precision that is gained when static analysis is combined with dynamic enforcement; (iii) we introduce path tracking to incorporate a form of termination-sensitivity, and (iv) develop a novel variant of purely dynamic tracking that ignores indirect flows; (v) our work has been formally verified, by a comprehensive representation in the theorem prover Coq.

Original languageEnglish (US)
Title of host publicationProgramming Languages and Systems - 10th Asian Symposium, APLAS 2012, Proceedings
Pages50-65
Number of pages16
DOIs
StatePublished - 2012
Externally publishedYes
Event10th Asian Symposium on Programming Languages and Systems, APLAS 2012 - Kyoto, Japan
Duration: Dec 11 2012Dec 13 2012

Publication series

NameLecture Notes in Computer Science (including subseries Lecture Notes in Artificial Intelligence and Lecture Notes in Bioinformatics)
Volume7705 LNCS
ISSN (Print)0302-9743
ISSN (Electronic)1611-3349

Other

Other10th Asian Symposium on Programming Languages and Systems, APLAS 2012
Country/TerritoryJapan
CityKyoto
Period12/11/1212/13/12

All Science Journal Classification (ASJC) codes

  • Theoretical Computer Science
  • General Computer Science

Fingerprint

Dive into the research topics of 'End-to-end multilevel hybrid information flow control'. Together they form a unique fingerprint.

Cite this