• DocumentCode
    154018
  • Title

    Information Flow Monitoring as Abstract Interpretation for Relational Logic

  • Author

    Chudnov, Andrey ; Kuan, George ; Naumann, David A.

  • fYear
    2014
  • fDate
    19-22 July 2014
  • Firstpage
    48
  • Lastpage
    62
  • Abstract
    A number of systems have been developed for dynamic information flow control (IFC). In such systems, the security policy is expressed by labeling input and output channels; it is enforced by tracking and checking labels on data. Systems have been proven to enforce some form of noninterference (NI), formalized as a property of two runs of the program. In practice, NI is too strong and it is desirable to enforce some relaxation of NI that allows downgrading under constraints that have been classified as 'what', 'where', 'who', or 'when' policies. To encompass a broad range of policies, relational logic has been proposed as a means to specify and statically enforce policy. This paper shows how relational logic policies can be dynamically checked. To do so, we provide a new account of monitoring, in which the monitor state is viewed as an abstract interpretation of sets of pairs of program runs.
  • Keywords
    logic programming; program diagnostics; security of data; IFC; abstract interpretation; information flow control; information flow monitoring; noninterference form; relational logic policy; security policy; Abstracts; Contracts; Monitoring; Nickel; Runtime; Security; Semantics; Information flow; abstract interpretation; declassification; endorsement; relational logic; run-time monitoring;
  • fLanguage
    English
  • Publisher
    ieee
  • Conference_Titel
    Computer Security Foundations Symposium (CSF), 2014 IEEE 27th
  • Conference_Location
    Vienna
  • Type

    conf

  • DOI
    10.1109/CSF.2014.12
  • Filename
    6957102