Flow-Sensitive semantics for dynamic information flow policies

Abstract. This paper gives an introduction to the field of enforcing security policies in a program, by describing an information flow policy called the lattice model and presenting some of the published work on how to enforce security policies. Presented in this paper are run-time enforcement

Abstract. In this paper we study secure information flow policies in the sense of Meadows [12] and others for aggregated datasets, collectively. We first present a method for combining different sensitivity levels over a common dataset and investigate its ramifications on information flow policies

Dynamic updating of information-flow policies Applications that manipulate sensitive information should ensure end-to-end security by satisfying two properties: sound execution and some form of noninterference. By the former, we mean the program should always perform actions in keeping with its

actions of applications. Our proposal consists in a new scheme of submitting applications to market place and installing applications on the device. More precisely, applications are uploaded with a companion information flow policy. A companion policy exactly describes where data used by the application

, however, permits general changes to security policies in use by running programs. This paper presents a simple information flow type system for that allows for dynamic security policy updates while ensuring sound execution and a relaxed form of noninterference we term noninterference between updates

HAL is a multi-disciplinary open access archive for the deposit and dissemination of sci-entific research documents, whether they are pub-lished or not. The documents may come from teaching and research institutions in France or abroad, or from public or private research centers. L’archive ouverte pluridisciplinaire HAL, est destinée au dépôt et a ̀ la diffusion de documents scientifiques de niveau recherche, publiés ou non, émanant des établissements d’enseignement et de recherche français ou étrangers, des laboratoires publics ou privés.

Reports quoted are not necessarily available to members of the public or to commercial organisations. ROYAL SIGNALS AND RADAR ESTABLISHMENT REPORT 90020

secret, such as in voting machines. We show how unique representation—the requirement that a data structure have canonical machine representations—can be used to perform modular verification of information flow policies in programs that compose data structures with their clients. We present a

which address a range of concerns including forms of access control and information flow tracking. This paper presents FINE, a new source-level security-typed language that, through the use of a simple module system and dependent, refinement, and affine types, checks the enforcement of dynamic security