文章基本信息

标题：Flow-Sensitive Automaton-Based Monitoring of a Declassification Policy
本地全文：下载
作者：Zhu, Hao ; Zhuang, Yi
期刊名称：Journal of Software
印刷版ISSN：1796-217X
出版年度：2012
卷号：7
期号：11
页码：2478-2487
DOI：10.4304/jsw.7.11.2478-2487
语种：English
出版社：Academy Publisher
摘要：Declassification policies aim to guarantee trusted release of confidential information. The semantic security conditions of declassification policies focus on different dimensions. In order to prevent the special attacks aiming to compromise the mechanisms of declassification, it is important for a declassification policy to combine different dimensions. Moreover, current body of work on the enforcement of the declassification policy focuses on static and flow-insensitive information-flow analysis, which is over-restrictive and imprecise. Dynamic and flow-sensitive information flow analysis techniques offer distinct advantages in permissiveness and precision. As a step in these directions, this paper first presents a declassification policy combining two dimensions, which control the amount and the location of confidential information release respectively, based on the security-typed language proposed. Then we presents an automaton-based monitoring mechanisms of the declassification policy. Abstractions of events occurring during the execution of a program are sent to the automaton as inputs, and the automaton uses these inputs to track the information flows and controls the execution of the program by forbidding or editing insecure commands that violate the declassification policy. Additionally, we prove the monitoring mechanism proposed is sound.
关键词：automaton;confidentiality;declassification policy;information flow security;noninterference