Protecting privacy using the decentralized label model

@article{Myers2003ProtectingPU,
  title={Protecting privacy using the decentralized label model},
  author={Andrew C. Myers and Barbara H. Liskov},
  journal={Foundations of Intrusion Tolerant Systems, 2003 [Organically Assured and Survivable Information Systems]},
  year={2003},
  pages={89-116}
}
  • A. Myers, B. Liskov
  • Published 1 October 2000
  • Computer Science
  • Foundations of Intrusion Tolerant Systems, 2003 [Organically Assured and Survivable Information Systems]
Stronger protection is needed for the confidentiality and integrity of data, because programs containing untrusted code are the rule rather than the exception. Information flow control allows the enforcement of end-to-end security policies, but has been difficult to put into practice. This article describes the decentralized label model, a new label model for control of information flow in systems with mutual distrust and decentralized authority. The model improves on existing multilevel… 

A Cryptographic Decentralized Label Model

This paper presents a simple, security-typed language with a novel mechanism called packages that provides an abstract means for creating opaque objects and associating them with security labels and demonstrates that this implementation of packages is sound with respect to Dolev-Yao style attackers.

Information Flow Analysis for File Systems and Databases Using Labels

This work extends the decentralized label model developed by other authors by addressing specific issues that arise in accessing files and databases and, more generally, in I/O operations, while retaining the support for static analysis and including run-time checks to allow declassification with “controlled information leakage”.

Fine Granularity Access Rights for Information Flow Control in Object Oriented Systems

This work presents an algorithm which enforces message filtering based on the defined access rights and uses access rights applied to object attributes and methods, thus allowing considerable flexibility without compromising system security by leaking sensitive information.

Adding Flexibility in Information Flow Control for Object-Oriented Systems Using Versions

This paper presents an approach to control flow information in object-oriented systems using versions, thus allowing considerable flexibility without compromising system security by leaking sensitive information.

Towards Confidentiality-by-Construction

This work proposes a development method for specifying information flow policies first and constructing programs satisfying these policies subsequently, and replaces functional pre- and postcondition specifications with confidentiality properties and defines rules to derive new confidentiality specifications for each refining program construct.

A trusted execution platform for multiparty computation

This thesis describes a system that combines SPKI with Myers’ label model to connect the names and policies in programs with real-world users and permissions and ensures that the applications it runs protect the privacy of classified data used in computation.

A Trust Management Approach for Flexible Policy Management in Security-Typed Languages

This paper observes that certain design choices of Rx violate the privacy and autonomy requirements of principals in trust management systems, thus making decentralized control over information difficult, and proposes RTI, a new security-typed language that supports fine-grained specification of security for dynamic policy.

Protecting Mobile Codes Using the Decentralized Label Model

A new decentralized label model is proposed and an implementation of this model, MCGuard, is built on the Linux system, which makes MCGuard applicable in mobile code systems composed of the stock Linux OS and existing mobile code.

Dynamic Security Labels and Noninterference

An expressive language-based mechanism for securely manipulating dynamic security labels is presented both in the context of a Java-like programming language and in a core language based on the typed lambda calculus.


References

Showing 1-10 of 52 references

Complete, safe information flow with decentralized labels

  • A. Myers, B. Liskov
  • Computer Science
  • Proceedings. 1998 IEEE Symposium on Security and Privacy (Cat. No.98CB36186)
  • 1998
A new formal semantics for decentralized labels and a corresponding new rule for relabeling data that is both sound and complete are defined, and it is shown that these extensions preserve the ability to statically check information flow.

Mostly-static decentralized information flow control

This thesis describes the decentralized label model, a new model of information flow control that protects private data while allowing applications to share data, and presents the new language JFlow, an extension to the Java programming language that incorporates the decentralized label model and permits static checking of information flows within programs.

JFlow: practical mostly-static information flow control

The new language JFlow is described, an extension to the Java language that adds statically-checked information flow annotations and provides several new features that make information flow checking more flexible and convenient than in previous models.

Transforming out timing leaks

This work presents a surprisingly simple solution to the problem of detecting timing leakages to external observers with a type system in which well-typed programs do not leak secret information directly, indirectly or through timing, and a transformation for removing timing leaks.

A lattice model of secure information flow

The model provides a unifying view of all systems that restrict information flow, enables a classification of them according to security objectives, and suggests some new approaches to formulating the requirements of secure information flow among security classes.

Security models and information flow

  • J. McLean
  • Computer Science
  • Proceedings. 1990 IEEE Computer Society Symposium on Research in Security and Privacy
  • 1990
A theory of information flow is developed that differs from that of nondeducibility, which is used to develop a flow-based security model (FM) and it is seen that the proper treatment of causal factors in such models requires programs to be considered as explicit input to systems.

Certification of programs for secure information flow

This paper presents a mechanism for verifying the secure flow of information through a program that exploits the properties of a lattice structure among security classes and proves that a program cannot cause supposedly nonconfidential results to depend on confidential input data.

Access Flow: A Protection Model which Integrates Access Control and Information Flow

  • Alley Stoughton
  • Computer Science
  • 1981 IEEE Symposium on Security and Privacy
  • 1981
It is argued that the military classification model of information flow poorly models reality, and a new information flow model based on the controlled sharing of secrets is introduced and a protection model that integrates access control and information flow is developed.

Multilevel security in the UNIX tradition

IX, a multilevel-secure variant of the Bell Labs research system, aims at sound, practical security, suitable for private- and public-sector uses other than critical national-security applications.

Toward a mathematical foundation for information flow security

  • J. W. Gray
  • Computer Science
  • Proceedings. 1991 IEEE Computer Society Symposium on Research in Security and Privacy
  • 1991
It is proved that the proposed definition of information flow security implies an information-theoretic definition and the necessary probability theory to rigorously state and prove probabilistic properties of modeled systems is developed.