Title :
Enforcing Dynamic Interference Policy
Author_Institution :
LIG, Univ. de Grenoble, Grenoble, France
Abstract :
Noninterference is the mathematical basis for confidentiality analyses. The idea is to ensure that private data will not be observable at a public level. Understood strictly, noninterference is too strong a property: standard everyday examples such as password checks or message encryption formally break it. In this paper we propose a framework in which it is possible to define an interference policy that allows safe data declassification to be defined. Moreover, this policy is dynamic, i.e. the confidentiality level of data may evolve during computation: think of policies expressing that a user has a limited number of guesses, or of the sending of pay-per-view information. We develop a notion of program safety with respect to a dynamic interference policy and give an algorithm (in the form of an abstract evaluation of the program) to check that a program is safe with respect to a dynamic interference policy.
Keywords :
authorisation; data privacy; pattern classification; data confidentiality level; dynamic interference policy; mathematical basis; message encryption; noninterference property; pay-per-view information; private data; program safety; public level; safe data declassification; Cryptography; Electronics packaging; Heuristic algorithms; Interference; Privacy; Semantics; Noninterference
Conference_Title :
Privacy, Security, Risk and Trust (PASSAT) and 2011 IEEE Third International Conference on Social Computing (SocialCom), 2011 IEEE Third International Conference on
Conference_Location :
Boston, MA
Print_ISBN :
978-1-4577-1931-8
DOI :
10.1109/PASSAT/SocialCom.2011.17