Title :
Information Flow Monitoring as Abstract Interpretation for Relational Logic
Author :
Chudnov, Andrey ; Kuan, George ; Naumann, David A.
Abstract :
A number of systems have been developed for dynamic information flow control (IFC). In such systems, the security policy is expressed by labeling input and output channels, it is enforced by tracking and checking labels on data. Systems have been proven to enforce some form of noninterference (NI), formalized as a property of two runs of the program. In practice, NI is too strong and it is desirable to enforce some relaxation of NI that allows downgrading under constraints that have been classified as ´what´, ´where´, ´who´, or ´when´ policies. To encompass a broad range of policies, relational logic has been proposed as a means to specify and statically enforce policy. This paper shows how relational logic policies can be dynamically checked. To do so, we provide a new account of monitoring, in which the monitor state is viewed as an abstract interpretation of sets of pairs of program runs.
Keywords :
logic programming; program diagnostics; security of data; IFC; abstract interpretation; information flow control; information flow monitoring; noninterference form; relational logic policy; security policy; Abstracts; Contracts; Monitoring; Nickel; Runtime; Security; Semantics; Information flow; abstract interpretation; declassification; endorsement; relational logic; run-time monitoring;
Conference_Titel :
Computer Security Foundations Symposium (CSF), 2014 IEEE 27th
Conference_Location :
Vienna
DOI :
10.1109/CSF.2014.12
